Symmate Get started
SOVEREIGNTY & SECURITY

What we can honestly say — and what we can't.

Never overclaim. Honesty here is the whole brand. Below is exactly what holds today, scoped the way it should be scoped: provable where it's provable, strong where it's strong, and caveated where the work isn't shipped yet.

ENCRYPTED AT REST

Encrypted under keys only you hold.

Stored data is encrypted under keys only you hold — the same class of encryption as Signal. We mathematically cannot read what's at rest.

During an active session, your data is decrypted only in memory — never logged or persisted in the clear. We hold no readable copy of your stored data at any point.

at rest   ENCRYPTED · HOST-KEY
operator  CANNOT READ AT REST
in use    RAM-ONLY · UNLOGGED
term      keys only you hold

Not zero-knowledge proofs. "Keys only you hold" means encryption under keys you hold — not zk-SNARKs.

THE SPLIT THAT MATTERS

Self-hosted and hosted are not the same promise.

We always tell you which one you're getting. Conflating them would be the easiest place to overclaim — so we don't.

SELF-HOSTED

Genuinely end-to-end. No operator.

On your own hardware, there is no operator in the loop. The engine is open source (AGPL-3.0) — you can audit the code yourself, and the gate is code you can read.

HOSTED SYMMATE

Encrypted at rest, ephemeral in use.

On our hosted tier, your data is encrypted at rest under your keys and decrypted only in memory under zero-retention. Hardware attestation (coming) will make blindness in use verifiable rather than trusted.

WARRANT-PROOF AGAINST US

We can only hand over what we can read. We can't read it.

Warrant-proof against us — we have nothing readable to hand over.

The honest caveat. You remain a keyholder, and you can still be compelled. "Warrant-proof against us" is a real, specific promise — not a promise that no one can ever reach your data through you.

PROVABLE VS PROBABILISTIC

Two different kinds of guarantee — and we never mix them up.

PROVABLE · DATA EGRESS

The deterministic spine.

The data-egress gate is deterministic — no LLM in it. On your own hardware it's code you can audit; on hosted, attestation (coming) makes it verifiable. This is the part we call provable.

PROBABILISTIC · JUDGMENT

Strong, not unbreakable.

Behavioural refusals and safety judgments are prompt-level and probabilistic — jailbreakable in principle. We call them strong, never proven.

WHAT'S SHIPPED, WHAT'S ROADMAP

The caveats we carry on every claim.

  • SPEC ≠ SHIPPED The sovereignty crypto is largely spec; the live runtime implements the agent lifecycle today. No claim here implies a feature is live before it is.
  • KEY-LOSS = DATA-LOSS You hold the only key today — which means key-loss is data-loss until threshold recovery (Shamir 2-of-3 / peer-pod) ships.
  • A2A · OFF BY DEFAULT Agent-to-agent is opt-in and off by default; the Base tier is programmatically incapable of it. Traffic-analysis resistance is a requirement we're building, not a feature we claim.
  • OPEN ENGINE · NO WEIGHTS The engine (Mox-Framework) is open source under AGPL-3.0 and ships no weights. We rent frontier brains and run local quants. The moat is architectural, not the model.
  • AI DISCLOSURE · MANDATORY A Symmate always discloses that it's an AI. That's charter law, not a setting.
  • CHARTERS · DRAFT Two charters exist; both are currently DRAFT, unratified, and not yet anchored.

Trust by construction — and nothing more than we can prove.

Get started →