BitGuard encrypts every message on your device before it leaves. The server stores only ciphertext — so a breached server, a stolen session, or a lost laptop reveals nothing.
Most systems assume the server stays honest. BitGuard doesn't — it's built so the infrastructure can fall and your messages still can't be read.
The server holds only encrypted blobs — useless without your local key.
A stolen token can't decrypt anything without your password-derived key.
No reset flows, no exposed credentials; passwords are scrypt-hashed, never stored raw.
Your private key is encrypted at rest with your password. A stolen laptop yields ciphertext only.
Messages are encrypted before they're sent — and shipped over TLS on top.
Admins and the server have zero access to plaintext. Per-message whitelists gate every read.
A fresh AES key seals the message, wrapped to each recipient's public key.
The server keeps only encrypted blobs plus metadata — sender, whitelist, time.
Only whitelisted users can pull their blob. Everyone else gets a flat denial.
The recipient unwraps the key with their on-device private key. Secrets never touch the server.
Open PowerShell and paste — it installs the tray app, runs in the background, and keeps itself updated.
irm https://bitguard.scientra.one/install.ps1 | iex
Prefer manual? Download BitGuard.exe ·
Downloads the tray app to your profile and adds it to startup — no admin rights needed.
Open it from the tray, enter your registration key, and set a password that also encrypts your device key.
Send encrypted messages to whitelisted users. It lives in the tray and updates itself.