UnlockGPTUnlockGPT
Security & Privacy at UnlockGPT

Your data, locked by design.
Even from us.

UnlockGPT connects your inboxes, calendars, and files — so we built it to be physically unable to read any of them. Here's exactly how that works, in plain words. No jargon, no fine-print tricks.

AES-256
bank-grade encryption on every message
600,000×
your passphrase is mixed into a key, on your device
0 words
of your conversations in our logs — only numbers
9.4 / 10
ESOF Cyber Score, CASA Tier 2 certified
Six promises, kept by math

Privacy that doesn't depend on trusting us.

Most companies promise not to look at your data. We went further: we built a system where looking is mathematically impossible. Each promise below isn't a policy — it's how the product physically works.

01
A key only you hold.
When you set up UnlockGPT you choose a passphrase. Your device — not our servers — transforms it into an encryption key, mixing it 600,000 times so it's practically impossible to guess. We never see or store that key. We keep only a one-way fingerprint of your passphrase to check it's really you — and a fingerprint can't be turned back into a key.
02
Everything meaningful is encrypted.
Not just your messages: the AI's answers, the emails and files it reads for you, its internal reasoning, even the little preview in your chat list — all of it is stored as scrambled AES-256 ciphertext. Open our database and you'd find a filing cabinet of sealed envelopes: you can count them and see when they arrived, but no one can open a single one.
03
Your accounts, never your passwords.
Connecting Gmail, Outlook, or Dropbox never gives us your password. Google or Microsoft hand us a limited access pass instead — and we encrypt that pass too, with a separate key kept out of the database. Disconnect in settings and the encrypted pass is deleted from our database on the spot; revoke it from your provider's security page and it dies everywhere, instantly.
04
We count. We never read.
Like an electricity meter that knows your kilowatt-hours but not what you watched, we record only numbers: how many AI tokens a request used, which model answered, how fast, whether it worked. These numbers live in a separate ledger that never contained a single word of your conversations — so there's nothing there for anyone to read.
05
AI with zero memory.
Your requests are processed by Fireworks AI with Zero Data Retention: your prompt exists in memory only for the seconds needed to answer, then it's gone. Nothing written to disk, nothing used to train models — not by them, not by us. We don't build AI models, so we have no reason to hoard your data.
06
Delete means delete.
Remove a chat and it's gone from our live database immediately — messages, tasks, everything. Delete your account and your chats, files, search indexes, and account passes vanish in one cascading operation. Backup copies expire on a rolling cycle and stay encrypted with your key until they do.
The honest fine print

Real security has trade-offs. Here are ours.

A privacy page that only lists the good parts is marketing. These are the three things an honest engineer would want you to know before you trust us.

If you lose your passphrase, we can't recover your chats.
There's no "reset and get everything back" — that would only be possible if we secretly kept a way in, and we don't. You can reset your encryption and start fresh, but old conversations stay locked forever. This limitation is the proof the system works.
Usage numbers outlive your chats — anonymously.
The token counts and response times we use to plan capacity stay in our ledger for up to 36 months, then they're deleted automatically. They never contained your words — and the moment you delete your account, they're anonymized: stripped of the identifier that pointed at you.
A few labels stay readable, so the app can work.
Chat titles, dates, message counts, and the names of tools the AI used (like "searched email") aren't encrypted — your chat list has to load before you unlock it. What was searched, said, or found is always sealed.
Don't take our word for it.

UnlockGPT holds CASA Tier 2 certification (Cloud Application Security Assessment), independently validated by TAC Security — with an ESOF Cyber Score of 9.4/10 and zero critical or high-severity findings. All infrastructure runs in Europe: Google Cloud and MongoDB Atlas, all EU regions.

9.4
ESOF Cyber Score
Tier 2
CASA certified

Work with AI that minds its own business.

One chat across every account you use — encrypted so thoroughly that even we can't peek. The legally precise versions of every promise on this page live in our Privacy Policy and Terms of Service.

Try UnlockGPTRead the Privacy Policy

Questions about security? Write to [email protected]