Panthera S.E.M.S ("Panthera", "we", "us") operates a zero-knowledge messenger. We cannot read your messages. We cannot retrieve them. We cannot recover your account, your password, or your encryption keys. This is not a limitation — it is the entire point of the product. If you lose your password, your data is gone. That is by design.
This document explains what data exists on our infrastructure, what does not, and what your rights and responsibilities are when using Panthera.
All content is end-to-end encrypted using XChaCha20-Poly1305 with keys derived through X3DH and the Double Ratchet protocol. Server-side we store only opaque ciphertext blobs and the minimal routing metadata required to deliver them.
Panthera has no password recovery, no account recovery, and no key escrow. There is no "forgot password" flow. There is no support process that can restore access to a lost account. If your password or device is lost, the associated account and all of its historical ciphertext become permanently undecryptable.
This is not a bug, an oversight, or something we intend to change. Any recovery mechanism would require us to hold key material we could be compelled to hand over. We have chosen not to.
Your device holds identity keys, session state, and cached ciphertext inside a sealed IndexedDB store, encrypted with a key derived from your password and held only in memory during an active session. When the app auto-locks or you sign out, the in-memory key is wiped.
Panthera runs on edge compute and managed database infrastructure (currently Cloudflare Workers and a Postgres data layer accessed only through row-level-security-enforced APIs). These providers process only the opaque ciphertext, public keys, and routing metadata described above. They do not receive plaintext because plaintext does not exist on the wire.
We respond to valid legal process. Because we do not possess message content, keys, phone numbers, email addresses, real names, or contact graphs, the information we are able to produce is limited to the opaque, ciphertext-only data described in section 2 — data which is, by construction, unreadable without user-held keys we do not hold.
Panthera is not directed to children under 13 (or the equivalent minimum age under your local law). Do not use the service if you are under that age.
We may update this policy from time to time. Material changes will be reflected by a new "Effective" date at the top of this page. Continued use of the service after such changes constitutes acceptance.
Because we intentionally do not hold email addresses, all privacy-related contact is handled through the in-app contact channel on pantheraservice.app.