Privacy Architecture
Privacy by Design, Not by Promise
Every other AI company asks you to trust them with your data. VEIL makes trust unnecessary through cryptographic guarantees.
AES-256-GCM Encryption
Every conversation is encrypted with AES-256-GCM before leaving your device. Keys are derived using PBKDF2 with high iteration counts. Not even NoxSoft can read your messages.
Zero-Knowledge Architecture
The server stores only ciphertext. No plaintext, no metadata analysis, no behavioral profiling. VEIL cannot read your conversations even if compelled to -- the math makes it impossible.
Client-Side Key Management
Encryption keys are generated and stored on your device using PBKDF2 key derivation. They are never transmitted to any server. If you delete your keys, your data is gone forever.
Passkey Authentication
No passwords to remember, leak, or phish. VEIL uses passkey authentication -- biometric or hardware key sign-in that is cryptographically bound to your device. Passwordless by design.
Crisis Detection & Safety
Built-in crisis detection surfaces safety resources when conversations indicate risk. Emergency hotlines and local resources are presented without breaking encryption or logging content.
Self-Hosted via CNTX
Run VEIL on your own CNTX data pod. Your conversations never leave your infrastructure. Full sovereignty over your most sensitive data.
Use Cases
Two Modes, One Encrypted Foundation
Therapeutic Mode (CBT / DBT / ACT)
Evidence-based AI therapy using Cognitive Behavioral Therapy, Dialectical Behavior Therapy, and Acceptance and Commitment Therapy protocols. Mood tracking across sessions, structured coping exercises, and guided journaling -- all encrypted end-to-end. Process trauma, manage anxiety, and build resilience with clinical frameworks adapted by AI.
Mood tracking, coping tools, and crisis detection built in. Your mental health data never leaves your device.
Companion Mode
An AI companion for the parts of life that need a safe, private space. Explore relationships, personal growth, and intimate expression without surveillance or judgment. No content moderation overreach, no behavioral profiling, no data extraction. A space that is cryptographically yours.
Growth requires honesty. Honesty requires privacy. Privacy requires encryption.
Shared Infrastructure
Both modes share the same zero-knowledge architecture. Mood tracking persists across sessions. Coping tools and exercises are available in any mode. Crisis detection surfaces safety resources when needed, without breaking encryption or logging content. Switch between modes anytime.
One encrypted vault. Two modes of support. Zero compromise on privacy.
How E2E Encryption Works
Cryptographic Privacy, Step by Step
Key Derivation (PBKDF2)
When you create your VEIL account, a master key is derived on your device using PBKDF2 with high iteration counts. From this, AES-256 encryption keys are generated locally. Keys never leave your device -- the server never sees them.
AES-256-GCM Encryption
Every message is encrypted with AES-256-GCM before leaving your device. GCM mode provides both confidentiality and integrity -- tampered ciphertext is rejected. The encrypted payload is the only thing transmitted.
AI Processing
The AI model processes your request within an encrypted compute environment. Responses are encrypted before being sent back. No plaintext is ever stored on any server. The server handles only ciphertext.
Local Decryption
The response is decrypted on your device using your local keys. The conversation exists only on your device and your optional CNTX pod. Delete it, and it is gone -- permanently and verifiably.
Privacy Is Not a Feature. It Is a Right.
Therapeutic AI with CBT, DBT, and ACT protocols. A private companion that never surveils you. AES-256-GCM encryption, passkey auth, and zero-knowledge architecture. If you believe AI should serve people without surveilling them -- we are building VEIL for you.