
How Octofy Encrypts Your Chats by Default

Octofy Team

Encryption Is Not Optional

On Octofy, every prompt you send and every response you receive is encrypted before it's stored in the database. This is not a premium feature or a setting you need to enable. It's the default for every user, on every plan.

How It Works

Octofy uses PGP symmetric encryption via PostgreSQL's pgcrypto extension. Here's what that means in practice:

When you send a message

  1. Your prompt is sent to the AI provider to generate a response (this is necessary for the AI to work)
  2. Once the response comes back, both your prompt and the AI's response are encrypted using a server-side encryption key
  3. The encrypted data is stored in the database as binary data
  4. The original plaintext is never stored

When you read a message

  1. The encrypted binary data is retrieved from the database
  2. It's decrypted on the server using the same encryption key
  3. The plaintext is sent to your browser over an encrypted HTTPS connection
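
The write and read paths above, sketched in SQL with pgcrypto's pgp_sym_encrypt and pgp_sym_decrypt. This is an added example, not Octofy's own schema or code: the table, column and statement names, the aes256 option and the sample key are assumptions.

```sql
-- Added example: table, column and statement names are assumptions.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE messages (
    id         bigserial   PRIMARY KEY,
    chat_id    uuid        NOT NULL,               -- metadata, stored in clear
    seq        integer     NOT NULL,               -- message ordering
    model      text        NOT NULL,               -- which model responded
    created_at timestamptz NOT NULL DEFAULT now(),
    prompt     bytea       NOT NULL,               -- OpenPGP message, not plaintext
    response   bytea       NOT NULL
);

-- Write path: both texts are encrypted inside the INSERT, so no plaintext
-- column exists. $6 is the key the application binds from its environment.
PREPARE store_message(uuid, integer, text, text, text, text) AS
INSERT INTO messages (chat_id, seq, model, prompt, response)
VALUES ($1, $2, $3,
        pgp_sym_encrypt($4, $6, 'cipher-algo=aes256'),
        pgp_sym_encrypt($5, $6, 'cipher-algo=aes256'));

-- Read path: decrypt with the same key, ordered by the clear metadata.
PREPARE read_chat(uuid, text) AS
SELECT seq, model, created_at,
       pgp_sym_decrypt(prompt,   $2) AS prompt,
       pgp_sym_decrypt(response, $2) AS response
FROM messages WHERE chat_id = $1 ORDER BY seq;

-- Constructed sample values; a real key is never written into SQL text.
EXECUTE store_message('00000000-0000-4000-8000-000000000001', 1, 'example-model',
                      'constructed prompt', 'constructed response', 'sample-key');
EXECUTE read_chat('00000000-0000-4000-8000-000000000001', 'sample-key');

-- What a copy of the table shows without the key: metadata plus opaque bytes.
-- Encrypting the same text twice yields different bytes (salted key derivation).
SELECT chat_id, seq, model, octet_length(prompt) AS prompt_bytes
FROM messages;

-- A wrong key raises an error instead of returning garbled text.
EXECUTE read_chat('00000000-0000-4000-8000-000000000001', 'wrong-key');
```

pgcrypto functions run inside the database server, so the key and the plaintext cross the application-to-database connection on every call. That connection should use TLS, and statement or parameter logging should be checked so it does not record either value.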

What's encrypted

  • Your prompts: Every question, instruction, or message you send
  • AI responses: Every answer, analysis, or generation the AI produces
  • Prompt Vault: Your saved prompts are also stored encrypted

What's stored as metadata (not encrypted content)

  • Chat identifiers and timestamps
  • Which model was used
  • Message ordering and threading data

This metadata is necessary for the app to function (sorting chats, showing which model responded, maintaining conversation order) but does not contain the substance of your conversations.

The Encryption Key

The encryption key is a server-side secret stored as an environment variable. It never leaves the server, is never exposed to clients, and is never sent to AI providers. Only Octofy's application server can encrypt and decrypt message content.

What About the AI Providers?

AI providers receive your prompts in plaintext because they need the content to generate responses. This is how every AI chat application works. The key difference is what happens after:

  • On most platforms, your conversations are stored in plaintext, tied to your identity, and potentially used for training
  • On Octofy, your conversations are encrypted at rest, your identity is separated from the content sent to providers, and your data is never used for training

EU-Hosted, Encrypted Database

The encrypted database is hosted in Finland by a Finnish provider. This means your encrypted data is:

  • Protected by EU privacy regulations (GDPR)
  • Hosted under Finnish jurisdiction (among the strongest privacy laws globally)
  • Not subject to US surveillance laws

For Enterprise: Zero Storage Option

Enterprise customers using Octofy's Sovereign deployment can go further with zero server-side storage. In this mode, no prompts or responses are stored at all, reducing the attack surface to near zero.

Why This Matters

Data breaches happen. When they do, the question is whether the exposed data is readable. With plaintext storage, a breach exposes every conversation in full. With Octofy's encryption, a breach exposes only encrypted binary data that is useless without the encryption key.

Encryption at rest is a fundamental security practice, and it should be the default for any platform handling your conversations. At Octofy, it is.
