“Privacy is not about hiding something wrong. It’s about keeping something that’s rightfully yours.”
We designed GhostCrypt assuming our own infrastructure is compromised. Even with full access to our servers, no one can read your messages — not us, not a hacker, not a government.
Our cryptographic core is open source. Every primitive, every ratchet, every key derivation is auditable. Security through transparency, not obscurity.
GhostCrypt is free for every user, on every platform, with no ads and no tracking. Privacy is a human right, not a subscription service.
Built on serious engineering
GhostCrypt runs on a carefully chosen stack. Every technology was picked for a specific reason — usually a combination of safety, performance, and proven track record at scale.
Memory-safe systems language for our cryptographic core. Zero unsafe blocks, compiled to WASM and native FFI.
Strict-mode TypeScript with React and Vite. Every state transition and API call is typed end-to-end.
Single codebase for iOS, Android, macOS, Windows, and Linux. Rust crypto bridged via flutter_rust_bridge.
Rust compiled to WebAssembly runs the same crypto in every browser tab. No JavaScript crypto ever.
Seven Go microservices: gateway, identity, relay, media, groups, presence, push. Fast, garbage-collected, battle-tested.
Protobuf-defined contracts, strongly typed inter-service RPC. Fast, versioned, and language-agnostic.
Async fanout for offline messages, group delivery, and push notifications. At-least-once delivery with per-user queues.
QUIC over UDP for primary transport with automatic WebSocket fallback. 0-RTT resume, multiplexed streams.
C++ Cassandra drop-in. Handles billions of messages with sub-millisecond writes. Partitioned by user, sharded by month.
Relational store for accounts, public key bundles, group metadata, and permissions. Strict ACID, boring and reliable.
Sub-millisecond presence, typing indicators, session tokens, and rate limits. Pub/sub for live fan-out.
Column-oriented OLAP for metrics, audit logs, and operational analytics. No message content, metadata only.
Client-side encrypted SQLite with per-device keys. All messages, contacts, and media metadata encrypted at rest.
Encrypted media blobs with signed URLs. Zero-knowledge — we only see ciphertext and content hashes.
Compose for local dev, EKS for production. Blue/green deploys, horizontal autoscaling, zero-downtime rollouts.
Metrics, logs, traces via Prometheus, Grafana, Loki, Tempo, and OpenTelemetry. Full request-level visibility.
How we got here
GhostCrypt is built in phases — each delivering a production-ready milestone. Here's the roadmap.
Rust crypto core with Signal Protocol (X3DH + Double Ratchet), Go services scaffold, PostgreSQL schema, React web client with WASM crypto.
Flutter apps for iOS and Android with Rust crypto bridged via flutter_rust_bridge. SQLCipher for local storage, FCM and APNs push.
Flutter desktop (macOS, Windows, Linux). MLS protocol for scalable group messaging. Voice and video calls with WebRTC.
ScyllaDB for message storage, ClickHouse analytics, MinIO media CDN, QUIC transport, Kubernetes deployment on AWS EKS.
CI/CD pipelines, security hardening, app store release prep, post-quantum cryptography with ML-KEM-768 hybrid KEM.
Marketing website, public beta, independent security audit, and release to App Store and Play Store.
Proudly built in India.
GhostCrypt is designed and engineered in India — a country of 1.4 billion people where digital privacy is becoming increasingly critical. We believe world-class cryptographic engineering can come from anywhere, and we’re committed to raising the bar for what Indian software can look like on the global stage.
Let's build privacy together
Whether you're a security researcher, a journalist, a potential contributor, or a recruiter — I'd love to hear from you directly.
Hiring, collaborating, or just curious? I respond to every LinkedIn message personally.
in/bhatmohsin1913
For partnerships, press, feedback, or anything else. Straight to my inbox, no gatekeepers.
mohsinmanzoor1913@gmail.com
Responsible disclosure welcomed. Email me directly and I will respond within 24 hours.
mohsinmanzoor1913@gmail.com