How TapTrust Works

TapTrust uses a combination of cutting-edge technologies to provide truly private AI conversations. This technical overview explains the architecture that makes it possible.

Core Technologies

Secure Enclaves for Authentication

TapTrust uses Privy for secure, privacy-focused authentication. Privy provides:
  • Cross-platform login with email, phone number and Google OAuth
  • Deterministic key derivation from user identity
  • No wallet complexity - simplified authentication flow
  • Privacy-first design that doesn’t collect unnecessary data

Secure AI Inference

For AI processing, TapTrust integrates with Tinfoil, which provides:
  • Trusted Execution Environments (TEEs) for AI inference
  • Hardware-level isolation protecting conversations during processing
  • Verifiable computing with cryptographic proof of secure execution
  • No data persistence - conversations are never stored on AI servers

Privacy Architecture

Secure Architecture Overview

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   Your Device   │    │   TapTrust      │    │   Secure AI     │
│                 │    │   Servers       │    │   (Tinfoil)     │
│ • Client App    │◄──►│                 │    │                 │
│ • Encryption    │    │ • Encrypted     │    │ • TEE/Enclave   │
│ • Key Derivation│    │   Data Storage  │    │ • Private       │
│ • Authentication│    │                 │    │   Inference     │
└─────────────────┘    └─────────────────┘    └─────────────────┘
         │                       │                       ▲
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │           Direct Encrypted
                                 ▼           Connection
                    ┌─────────────────┐
                    │   Secure Auth   │
                    │     (Privy)     │
                    │                 │
                    │ • TEE/Enclave   │
                    │ • Generates Key │
                    └─────────────────┘

End-to-End Encryption

All messages are encrypted on your device using AES-GCM encryption before being transmitted. The encryption key is derived deterministically from your user identity, ensuring the same key is available on all your devices.
TapTrust servers store only encrypted message blobs. Even with full database access, your conversations remain unreadable without your personal encryption key.
When AI inference is needed, your encrypted messages are processed within secure enclaves that prevent even the cloud provider from accessing the plaintext data.
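
The client-side encryption described above, shown as an added example that is not TapTrust's or Privy's code: a key derived deterministically on two devices, AES-GCM encryption before upload, and rejection of a modified blob. The page does not specify the derivation, so HKDF-SHA256 over a per-user secret released after login, the blob layout, and all function names and sample values are assumptions.

```javascript
// Added example (not TapTrust code). Assumed: HKDF-SHA256, a per-user secret
// released after login, and the blob layout nonce || ciphertext || tag.
const nodeCrypto = require("node:crypto");

// Same inputs give the same 256-bit key on every device. The user ID is not
// secret, so it only serves as HKDF context; the secret supplies the entropy.
function deriveKey(userSecret, userId) {
  const salt = Buffer.from("example-message-key-v1"); // constructed label
  const okm = nodeCrypto.hkdfSync("sha256", userSecret, salt, Buffer.from(userId), 32);
  return Buffer.from(okm);
}

// Encrypt on the device; only the returned blob is uploaded.
function encryptMessage(key, plaintext, conversationId) {
  const nonce = nodeCrypto.randomBytes(12); // fresh per message, never reused with a key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(conversationId)); // binds the blob to its conversation
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// Decrypt on any device that derived the key; throws if blob or context changed.
function decryptMessage(key, blob, conversationId) {
  if (blob.length < 28) throw new Error("blob shorter than nonce + tag");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(conversationId));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  const ct = blob.subarray(12, blob.length - 16);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed sample values: two devices derive the key independently.
const sampleSecret = Buffer.alloc(32, 7);
const phoneKey = deriveKey(sampleSecret, "user-123");
const laptopKey = deriveKey(sampleSecret, "user-123");
const storedBlob = encryptMessage(phoneKey, "hello from my phone", "conv-1");
console.log(decryptMessage(laptopKey, storedBlob, "conv-1"));
```

In a browser client the same steps map to `crypto.subtle` with the `HKDF` and `AES-GCM` algorithms.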

Data Flow

You authenticate with Privy using email or Google. A deterministic encryption key is derived from your user ID, ensuring consistent access across devices.
Your message is encrypted on your device before being saved to TapTrust’s encrypted storage. The server never sees your plaintext message.
A short-lived API key is generated to access Tinfoil’s secure AI inference. Your encrypted message is processed within a trusted execution environment.
The AI response is generated within the secure enclave and encrypted before being sent back to your device, where it’s decrypted and displayed.

Technical Benefits

Hardware-Level Security

Secure enclaves provide hardware-level isolation, making it computationally infeasible to extract your data.

Verifiable Privacy

The architecture provides cryptographic proof that your data cannot be accessed by anyone except you.

Cross-Device Sync

Deterministic key derivation allows secure access to your conversations from any device without key exchange.

Short-Lived Credentials

API keys expire in 60 seconds, minimizing the window of exposure if credentials are compromised.

Privacy Guarantees

What TapTrust Cannot See

  • Your conversation content
  • Your message attachments
  • Your AI responses
  • Your search queries or tool usage

What TapTrust Can See

  • Encrypted message blobs (unreadable without your key)
  • Message timestamps and metadata
  • Usage statistics and error logs
  • Billing and account information

This architecture ensures that even in the event of a data breach or legal request, your conversations remain private and secure.