encryption

Headlance uses multiple layers of encryption to protect user data.

Transport encryption

All connections are protected by TLS 1.2/1.3 with Let's Encrypt certificates.

Password encryption

Passwords are hashed using Argon2id with 64 MB memory and 3 iterations, plus a server-side pepper.

Message encryption

Messages are encrypted server-side using AES-256-GCM. Data is protected at rest.

File encryption

Files are stored in isolated S3-compatible storage (MinIO) with application-level access control.