Privacy

Fundamentals

Air is an end-to-end encrypted messenger which is designed to require as little personal data as possible. Air doesn’t register any personal data (like a phone number or email address) when you create an account. When you add a username, it isn’t linked to any data that could identify you.

Your messages (including attachments) on Air are always automatically end-to-end encrypted using the Messaging Layer Security (MLS) protocol. This means that only the members of a chat can read messages from the chat – not Air staff, server administrators, third parties, or anyone else. This also applies to information like who the members of a chat are, what messages are sent, and when they’re delivered. Your data belongs to you.

Air’s security model is to take the server operator out of the equation as much as technologically possible, so that users can always be sure their communication is protected. Air uses state-of-the-art cryptography, and the source code is available to the public. This means that Air’s commitments to security are verifiable, and anyone can review the source code.

Additionally, Air encrypts push tokens, which are technical identifiers required for a mobile device to receive push notifications. This ensures that, even when combined with other data, the push tokens can’t be used to identify you. You can learn more about why this is important by reading the blog post on the privacy of push notifications.

Transparency

Air is created by Phoenix R&D, which is a social impact tech company that co-authored the MLS protocol for end-to-end encryption, which is used by Apple, Cisco, Discord, Google, and many others. Air and its underlying technology are financed by grants (from NLnet, Open Technology Fund, Prototype Fund, and Sovereign Tech Fund).

Air is not financed by ads. Phoenix R&D can’t access your personal data (including the content of your conversations) on Air, and therefore can’t sell it, hand it out, or use it for any third-party advertising.

Security audits

Air is built on a solid foundation. The underlying end-to-end encryption protocol implementation OpenMLS went through a security audit in 2026, which you can learn more about in this blog post. Air’s initial architecture was also audited in late 2024.