Most apps say they're "secure" or "encrypted." Almost none of them tell you what that actually means in plain English. So here's what end-to-end encryption means in Arcov, what it doesn't mean, and why we made the engineering choices we did.
What end-to-end encrypted actually means
When you write a message in Arcov — a daily highlight, a voice note, a memory you save to the Vault — it's encrypted on your device before it leaves your phone. The encryption key that locks it is generated on your device when you first sign up. It never gets sent to our servers. Not on signup, not on backup, not ever.
So what travels from your phone to ours is a sealed envelope of ciphertext. We forward it to your partner's device, where their phone uses the matching key to unseal it. The whole time it's on our servers, in our database, in our backups — it's gibberish that we can't read.
That's "end-to-end": encrypted at one end (your phone), decrypted at the other end (your partner's phone), and unreadable everywhere in between, including by us.
What we cannot see
Concretely, the contents of:
- The text of your daily highlights.
- The voice notes you record.
- The photos you save to the Memory Vault.
- The messages you write to each other.
- Your mood entries.
If a court ordered us to hand over the contents of your account, we couldn't. We don't have the keys. That's not a marketing promise — it's a property of the math.
What we can see (the honest part)
We're not going to pretend Arcov is invisible. Some things have to leave your phone unencrypted for the app to work at all:
- Your email address. We need it to identify your account and help you recover access if you lose your phone.
- Your IP address when you connect, like every other server you talk to.
- Metadata about message timing. We don't see what you said, but we see that you sent something to your partner at some time — that's how we route the buzz to their phone.
- Aggregated usage stats, like "how many total users this week" — never tied to specific accounts, never sold.
That last one is important. We run on revenue from a small subscription fee — not from selling data. The whole reason we built Arcov as a paid app for two people is so we don't have to monetize what you say to each other.
Why on-device keys matter
You'll see a lot of apps claim they "encrypt your data." Most of them mean: they encrypt the data, and they hold the keys.
That kind of encryption protects you against someone breaking into our office and stealing the hard drives. It does not protect you against:
- A government request that we decrypt your data and hand it over.
- A rogue employee with admin access.
- A breach where attackers get our keys along with our data.
- Us, if we ever decided to scan your messages — to train an AI model, build a recommendation engine, or anything else.
End-to-end encryption with on-device keys protects you against all of those, because the keys aren't on our servers in the first place.
The trade-off is real: if you lose your phone and you haven't backed up your encryption key, your vault is gone forever. We can give you a new account; we cannot recover the data inside the old one. Some apps handle this by keeping a backup key on their server — which is exactly what makes their encryption breakable. We don't.
Why we built it this way
Most apps for couples treat "your relationship data" as the product. The free apps sell it to advertisers. The paid apps store it on servers they could be compelled to turn over. Either way, the most intimate things you write to your partner are sitting on someone else's computer, readable.
That bothered us. So we built Arcov as the version we'd want to use ourselves — encrypted in a way where, if you don't trust us, you don't have to. The math protects you either way.
If that matters to you too, the beta is open. Free for the first 50 couples to pair up, 12 months free for the next 200. iOS and Android.