No secrets to leak.
Just math you carry.
Sigyl replaces accounts and passwords with a cryptographic key that lives on your device. Here's the whole flow.
A key is born on your device
When you join, an Ed25519 keypair is generated and sealed inside your phone's secure hardware (StrongBox or the Trusted Execution Environment). The private half — the part that proves it's you — never leaves your device in usable form.
A three-second liveness check
A quick face check confirms you're a real, live person rather than a bot farm. Your photo never leaves your phone. Only a one-way math fingerprint is used, purely for bot-resistance — it can't be reversed into your face and isn't used to identify you.
Your Recovery Kit
You set a passphrase only you know. It's how you return on a new phone. You can also nominate trusted guardians — any three of five can help you recover. Lose the phone, keep the kit: your identity survives.
Everything you do is signed
Every post and every request carries your cryptographic signature. There are no session passwords to steal, and impersonating you is mathematically infeasible without your key.
Private by default
Direct messages are end-to-end encrypted using the Signal protocol's double ratchet. They're encrypted on your device and decrypted on your recipient's — not even Sigyl can read them.
Invite-only, capped at 5,000
The launch network is vouched and capped. It's about a small set of real humans, not infinite scale. When the cap is reached, new arrivals join a waitlist.