← Back to home Help

Frequently asked questions

Straight answers about how Qwing protects your messages, what the server can and can't see, and how the wallet and recovery work.

Encryption & the post-quantum question

Is Qwing really end-to-end encrypted?

Yes. Message text, files, voice notes, call audio and video, and even your profile name and avatar are encrypted on your device and only decrypted on your recipient's device. The keys never reach the server, so the server only ever relays opaque ciphertext.

The encryption is on by default and there is no setting to turn it off. There is no “cloud” copy of your messages in plaintext anywhere.

What does “post-quantum” actually mean?

Most of today's encryption — RSA, elliptic curves — would break the day a large enough quantum computer exists. Post-quantum algorithms are built on math that quantum computers do not shortcut.

Qwing uses ML-KEM-1024 (NIST FIPS 203) for key exchange and ML-DSA-87 (NIST FIPS 204) for identity signatures — both NIST-standardized lattice cryptography at the highest security level — for every byte that leaves your device, today. There is no classical fallback to weaken it.

Which exact algorithms does Qwing use?

ML-KEM-1024 (FIPS 203) — post-quantum key exchange, replacing RSA / Diffie-Hellman. Qwing uses the largest, highest-security variant.

ML-DSA-87 (FIPS 204) — post-quantum identity signatures, replacing ECDSA / Ed25519.

XChaCha20-Poly1305 — the symmetric cipher that encrypts the actual message and media bytes once a key is established.

Q-Ratchet — Qwing's post-quantum double ratchet. Every message uses a fresh key derived from the previous one, providing forward secrecy and post-compromise security; the asymmetric step that keeps it quantum-safe uses ML-KEM-1024.

Together this is NIST Security Level 5 — the strongest tier NIST defines.

Why bother now, if cryptographically-relevant quantum computers don't exist yet?

Because of “harvest now, decrypt later.” An adversary can record your encrypted traffic today, store it, and decrypt it years from now once the hardware exists. Anything protected only by classical math is on borrowed time.

A message you send through Qwing today is meant to stay private long after the quantum era begins — that is the whole point of migrating first instead of last.

What the server can see

Can the server read my messages?

No. Content is encrypted on your device with keys the server never sees. In practice, most traffic doesn't even pass through our server — once two devices know each other, calls and files flow directly peer-to-peer, and the server is only a matchmaker that helps the devices find each other.

When a message does route through the server (the recipient is offline, or the network blocks a direct connection), it is stored as opaque ciphertext and deleted roughly five minutes after delivery. We don't keep it after that. If we were compelled to hand over data, what exists is whatever ciphertext is still pending in the queue at that moment — and we cannot decrypt any of it.

Can the server see who I'm talking to?

For established conversations, Qwing uses sealed sender: the server delivers your message without learning who sent it. There is no public address book, no social graph stored on the server, and no read receipts logged server-side. The most valuable surveillance signal — who, and how often — is designed never to exist.

Do I need a phone number or email to sign up?

No. Your identity in Qwing is a cryptographic key pair generated on your device — no phone number, no email, no SIM, no address-book upload. You share a contact by a link or QR code (qwing.app/add/<id>), and that is the only thread that connects you. There is no global directory of users, by design.

What metadata do you actually keep?

The server holds a random account ID and your public keys, your most recent push token, and queued ciphertext envelopes that are deleted shortly after delivery. When your device connects, the server necessarily sees your IP for the duration of the connection, retained only briefly in rotating logs for abuse protection. We do not keep server-side message logs, “last seen” timestamps, or read receipts. The Privacy Policy has the full retention table.

Calls, devices & safety

What protects my voice and video calls?

Calls are end-to-end encrypted and routed peer-to-peer by default. Each call's media is sealed with a key wrapped by your peer's ML-KEM-1024 public key, on top of the standard transport encryption WebRTC uses — so media is double-sealed. If the network forces a relay (a strict firewall or NAT), the relay handles encrypted packets only: it never holds keys and never sees your audio or video.

How do I know I'm talking to the right person, not a man-in-the-middle?

When a call connects, both sides see a short SAS safety phrase derived from the call's keys. Read it aloud — if it matches on both ends, there is no one in the middle. If the post-quantum key never applied, the phrase is hidden rather than showing a comforting badge backed by nothing.

For chats, you can compare the in-app safety number with a contact to confirm the channel.

What if my phone is lost or stolen?

Your local message database is encrypted at rest. The app can be gated by a PIN, and you can set self-destruct timers per chat. A separate panic PIN wipes local data immediately when entered at the lock screen, and notifications can be set to never reveal the sender or content on the lock screen.

Can I move to a new phone?

Yes. Move to a new device by scanning an animated QR code — your keys travel directly between your two devices, never through a server. Your recovery phrase is the backstop if you lose a device: it can restore your identity and your wallet. Keep it somewhere safe and offline; anyone who has it has your account.

The wallet

Is the wallet self-custodial? What can it do?

Qwing includes a self-custodial wallet. Your keys are derived from your recovery phrase and stored only on your device — Qwing never holds them and never can. The wallet signs and broadcasts real transactions across multiple EVM-compatible networks; those transactions are recorded permanently on-chain and are irreversible.

Because it is non-custodial, Qwing cannot reverse, freeze, or recover a transaction or any lost funds, and a third-party RPC provider can see your wallet address and IP when you broadcast. Read the full Wallet Disclosure before you send anything.

What happens to my funds if I lose my recovery phrase?

If you lose your device and your recovery phrase, your funds are permanently unrecoverable. There is no reset and no support path that can retrieve them — that is the trade-off of true self-custody. Back up your recovery phrase offline, and never share it with anyone. Qwing will never ask you for it.

Account & availability

How do I delete my account?

In the app, go to Settings → Delete account and confirm. This calls the server to remove your data and wipes the app's local data on your device in one step. Messages already delivered to your contacts stay on their devices, and on-chain transactions remain public. Full detail and timeline are on the Account Deletion page.

Which platforms is Qwing available on?

Qwing runs on iOS and Android. The cryptography stack and call protocol are implemented to the same standard on both so the two platforms interoperate.

What happens if Qwing shuts down?

Your local message database stays on your device, encrypted with your key — your messages were never uploaded in plaintext, so there is no cloud lock-in. What you would lose is delivery of new messages. Your self-custodial wallet is independent of Qwing's servers: as long as you have your recovery phrase, you can restore it in any compatible wallet.

Still have questions?