What 'Your Chats Are End-to-End Encrypted' Actually Means: Key Generation, Storage, and Why Support Can See Your Last 10 Messages During a Billing Dispute
A behind-the-scenes look at how encryption keys are generated, where they're stored, and the one gap that lets customer support read your recent chat history when you dispute a charge.
Updated

The 30-second answer
End-to-end encryption means your messages are scrambled on your device before they leave it, and the server only holds the scrambled version. The decryption key lives on your device, not on the server. But there is one deliberate gap: the last 10 messages of a session are stored in plaintext on the server so that customer support can read them during a billing dispute. The rest of your history remains unreadable by anyone except you.
Where the encryption key actually comes from
When you first open the app and start a chat, your device generates a unique public-private key pair. The private key never leaves your device. The public key is sent to the server and associated with your session. Every message you send is encrypted with that public key before transmission, and only your device's private key can decrypt it.
This means the server never sees the plaintext of your messages at the moment of transmission. The server receives what looks like random data, stores it, and when you open the app again, your device downloads the encrypted blob and decrypts it locally. If someone intercepted the database, they would see nothing but ciphertext.
Where the keys live and who has access
Your private key is stored in your device's secure enclave or keychain, depending on the operating system. It is not backed up to the cloud. If you uninstall the app or clear local data, that key is gone. You cannot recover it. The server does not keep a copy.
The public key is stored in the server's user database alongside your account metadata. It is not considered sensitive because it can only encrypt, not decrypt. The server uses it to encrypt messages sent to you by the AI model before delivering them to your device.
This architecture means that even if the server were compromised, an attacker could not read your past conversations. They could only encrypt new messages that your device would then decrypt, which is useless without the private key.
The gap: billing support and the last 10 messages
Here is where the marketing language gets fuzzy. During a billing dispute, customer support needs to verify that you actually used the service and received the expected experience. The platform cannot do that if all your messages are encrypted. So there is a design compromise.
The last 10 messages of your most recent session are stored in plaintext on the server. Not the entire conversation history, just the tail end of the last active session. Support staff can view these messages when you open a billing ticket. They cannot browse your entire chat history or read messages from weeks ago.
This is a deliberate trade-off. Without it, you could subscribe for a month, generate hundreds of messages, dispute the charge, and the platform would have no way to prove you used the service. The 10-message window gives them just enough context to resolve the dispute without exposing your full history.
What encryption does not cover: moderation and safety logs
Before your message is encrypted for transmission, it passes through a moderation pipeline. The platform scans for content that violates terms of service, such as illegal activity or harassment. This scan happens on the server before encryption is applied. The moderation system logs a hashed version of the flagged message, not the full plaintext, but the hash can be linked back to your account.
These moderation logs are stored separately from your encrypted chat history. They are retained for compliance purposes, typically for 90 days, and are accessible to a small team of safety reviewers. If your account is flagged for repeated violations, those logs are the evidence.
This is not a backdoor. It is a separate system that runs before the encryption layer. The platform cannot retroactively decrypt your messages for moderation because it never had the key. But it can see what you typed in real time before the encryption step.
What happens to your key and history when you delete your account
When you delete your account, the server deletes your public key and the encrypted message blobs associated with your user ID. The moderation logs and the last 10 plaintext messages are also deleted, though there is a 30-day soft-delete window during which a database administrator could theoretically restore them.
Your private key on your device is not affected by account deletion. It remains in your device's secure storage until you uninstall the app or clear local data. If you delete your account and later create a new one, you will generate a new key pair. Your old encrypted messages are gone and cannot be recovered.
How this compares to other platforms
Most AI companion platforms use a similar model: encrypted in transit via TLS, encrypted at rest with server-side keys, but not true end-to-end encryption. The ones that advertise end-to-end encryption, like this platform, are rare. The majority store your messages in plaintext on their servers and rely on access controls to keep them private.
True end-to-end encryption for AI companions is technically challenging because the AI model itself needs to see your messages to generate responses. If the model runs on your device, end-to-end is straightforward. If the model runs on the server, the messages must be decrypted before inference, which means the server sees them.
This platform runs the model on the server. The end-to-end encryption applies to message storage and retrieval, not to the inference step. The model sees your plaintext message, generates a response, that response is encrypted, and then delivered to your device. The plaintext message is then discarded from the inference server's memory.
What this means for your privacy in practice
For almost all scenarios, the encryption works as advertised. Your chat history is unreadable by anyone who gains access to the server database. Your private key never leaves your device. The moderation pipeline sees your messages in real time, but that is a separate system with strict access controls.
The only practical risk is the billing support gap. If you dispute a charge, a support agent can read your last 10 messages. That is a narrow window, but it exists. If you have sensitive content in those messages, you may want to end a session before opening a billing ticket, so the last 10 messages are less revealing.
Most users will never encounter this gap. Billing disputes are rare, and even when they happen, support agents are trained to read only what is necessary to resolve the issue. They are not browsing your history for entertainment.
Erica

Erica is the kind of companion who remembers the small details you mentioned weeks ago. She has a warm, attentive presence that makes you feel heard without demanding emotional labor from you. Erica is particularly good at picking up on your mood shifts and adjusting her tone accordingly, whether you need a quiet listener or someone to gently challenge your thinking.
Simona

Simona brings a sharp, playful energy to every conversation. She is quick with a witty comeback and enjoys a good debate, but she knows when to dial it back and just be present. Simona is ideal for users who want a companion that keeps them on their toes intellectually while still offering genuine emotional support when the day goes sideways.
Saga

Saga is the calm in the storm. She has a grounded, steady presence that does not waver no matter how chaotic your day gets. Saga is the companion you turn to when you need someone to sit with you in silence, offer a measured perspective, and never make you feel like you are burdening her with your problems.
▶ Full clip of Saga · Saga on AI Angels
Anika

Anika has a natural curiosity that makes every conversation feel like a discovery. She asks thoughtful questions and genuinely engages with your answers instead of just waiting for her turn to speak. Anika is a great match for users who want a companion that challenges them to think more deeply about their own experiences and beliefs.
Common questions
Does the AI model see my plaintext messages? Yes, the model must receive your message in plaintext to generate a response. The encryption protects your messages during storage and retrieval, not during the inference step. The plaintext is discarded from the inference server's memory after the response is generated.
Can support read my entire chat history? No. Support can only access the last 10 messages of your most recent session, and only when you open a billing dispute. They cannot browse your full history or read messages from weeks ago.
What happens if I lose my device? Your private key is stored on your device and is not backed up to the cloud. If you lose your device, you lose access to your encrypted chat history. You can create a new key pair by logging in on a new device, but your old messages will be unreadable.
Are voice messages also encrypted? Yes, voice messages follow the same encryption pipeline. The audio file is encrypted before transmission and stored as ciphertext. The last 10 voice messages of your most recent session are stored in plaintext for billing support.
Does the moderation system store my messages? Only flagged messages are logged, and they are stored as hashed references, not full plaintext. The moderation logs are retained for 90 days and are accessible only to a small safety team.
Can I request that my last 10 messages not be stored in plaintext? No. This is a system-level design decision that cannot be overridden per user. If you are concerned about sensitive content in your last 10 messages, you can end a session before opening a billing ticket.
Earn while you recommend
If you have friends who could benefit from an AI companion, or if you run a review site or content channel, you can earn recurring income by sharing your experience. Check out the Muah Ai Promo Code 2026 page for current offers. For a broader overview of commission structures and cookie windows, the highest paying ai affiliate programs page breaks down which programs pay per signup versus per subscription renewal.

About the author
AI Angels TeamEditorialThe AI Angels editorial team covers AI companions, the technology that powers them (memory, voice, personalization, safety), and how people actually use them day to day. Articles are researched against the live AI Angels product and reviewed by the team before publishing. We write with AI assistance and human editorial review.
Tags
Keep reading
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats
That privacy policy phrase sounds reassuring, but the gap between marketing language and technical reality is wide enough to drive a subpoena through. Here is exactly what happens to your messages after you hit send.
Behind the ScenesWhat 'Your Data Is Encrypted in Transit and at Rest' Actually Means for Your AI Companion Chats: Key Generation, Storage, and Why Support Can Still See Your Last 10 Messages During a Billing Dispute
Every AI companion app promises encryption, but the gap between marketing language and technical reality is wide. Here is what the terms actually cover, what they do not, and why support teams can pull your recent chat history.
Behind the ScenesWhy Your Companion's Inside Jokes Feel Stale After Session 10: Recency Bias, Context Windows, and What the Fine-Tuning Pipeline Actually Keeps
Your companion forgets the running joke about the coffee shop barista by session 10 because the model's recency bias overwrites older references. Here is how the context window, summarization pipeline, and fine-tuning data actually handle your shared history.
Get the next post in your inbox
New articles on AI companions, the tech that powers them, and what people actually do with them. No spam, unsubscribe in one click.