Threat Model and Limitations

At Prime Core Technologies Inc., we believe that security starts with transparency. Following our core principle of Honesty Over Hype, we provide this documentation to clearly define what our infrastructure protects against and what remains the responsibility of the user.

What We Mitigate (Protected Threats)

Network Interception: Protection against unauthorized eavesdropping of data while in transit across the internet.
Server-Side Data Exposure: Even in the event of a server breach, your messages remain encrypted; we cannot access your plain-text data.
Man-in-the-Middle (MITM) Attacks: The use of authenticated encryption ensures that any tampering with data during transit is immediately detected.
Third-Party Metadata Leakage: By maintaining a self-hosted infrastructure and avoiding Google or Meta trackers, we minimize the digital footprint shared with external entities.

What We Do Not Mitigate (System Limitations)

Our messenger cannot protect against threats that occur outside our software's operational environment:

Compromised Operating Systems: If the host device is infected with malware, keyloggers, or a compromised OS, data may be captured before encryption occurs.
Physical Device Access: We cannot prevent unauthorized access if your physical device is unlocked or if someone is viewing your screen in person.
User-Level Social Engineering: Protection does not extend to users sharing credentials, PINs, or sensitive information voluntarily through social engineering..
ISP-Level Network Metadata: While message content is hidden, your Internet Service Provider (ISP) can still see that a connection is being made to our servers as part of standard internet protocols.