Your messages, secured against tomorrow's threats.

If a product is free, chances are that you are the product. Free messaging apps monetize through advertising, metadata harvesting, training data for AI systems, or by selling what they learn about you to third parties. Quldra doesn't productize our users.

We charge a small amount for bandwidth, and that is the entire business model. No ads, no analytics sold to brokers, no insight into who you talk to or what you say — we can't see any of that even if we wanted to, because every message is encrypted on your device before it leaves it. The fee pays for servers, security work, and the team who maintains the cryptography. Nothing else.

Most secure messaging apps use cryptography that is safe against today's computers but may be broken by a sufficiently powerful quantum computer in the future. Encrypted traffic collected today could then be retroactively decrypted — a threat model known as "harvest now, decrypt later".

Quldra uses ML-KEM-768 (a lattice-based key encapsulation mechanism selected by NIST for post-quantum standardization) for every session, combined with ML-DSA-65 hybrid signatures for identity. These algorithms are designed to resist attacks from both classical and quantum adversaries.

No. Every message is encrypted on your device using keys that never leave it. Our relay servers only see encrypted payloads, delivery receipts, and routing metadata — not message content. This is enforced by the cryptography, not by policy, so even if we were compelled to hand over everything we have, the content of your conversations would still be unreadable.

When you set up Quldra, you're given a 12-word recovery seed. Keep it somewhere safe — written down, in a password manager, wherever you trust. On a new device you enter the seed, your cryptographic identity is restored, and your old device is signed out automatically.

Recovery gives you a clean slate: new room keys are generated, and messages from before the recovery cannot be decrypted on the new device. This is a deliberate security property, not a bug — it means that even if someone eventually cracks into your old phone, they can't read anything you send from the new one.

Up to 200 MB per file. That covers most videos, documents, and audio recordings. Everything is encrypted client-side before upload, so the file you send is the file they receive — no server-side compression or re-encoding.

Yes. From your Quldra app, you can invite someone into a conversation through a browser link. They open chat.quldra.com, join as a guest, and exchange messages with you using the same post-quantum cryptography as the mobile app — no installation required on their end.

The browser session is the visitor seat: it can only be used to join a conversation that you started from your Quldra app. You can't initiate new dialogues from the browser itself. To start conversations, send messages, or create groups, you need the app on iOS or Android.

Each Quldra account is tied to a single active device at a time. When you sign in on a new device using your recovery seed, the previous device is signed out automatically. This keeps your cryptographic identity contained and prevents silent account cloning.

The web client at chat.quldra.com is a companion session that does not displace your mobile device.

Anyone using Quldra can earn bandwidth credit by referring new users. When someone you refer pays for bandwidth, 30% of that accrues to your balance. Once you've earned 1 GB, a credit code is issued to you. Full terms are on the affiliate page, and credits are managed through your dashboard.

Our cryptographic choices are documented publicly. We publish the encryption flow, the algorithms in use (ML-KEM-768, ChaCha20-Poly1305, Ed25519, ML-DSA-65), and the protocol versioning. If you're a security researcher who would like to review the implementation in depth, get in touch — we're happy to cooperate with responsible disclosure and independent review.