Skip to main content

Privacy at Herald

Herald was designed from the ground up to ensure your email address is never exposed to Herald’s servers, notification protocols, or any third party.

Client-side encryption

Your email is encrypted entirely in your browser using TweetNaCl.js (NaCl box encryption). The plaintext email never leaves your device — Herald's servers only ever see the encrypted ciphertext.

On-chain identity

Your encrypted email, nonce, SHA-256 hash, and notification preferences are stored in a Solana Program Derived Address (PDA). Only your wallet can authorize changes to this data.

Decryption in a TEE

When a protocol sends you a notification, Herald decrypts your email inside an AWS Nitro Enclave (Trusted Execution Environment). Memory is zeroed immediately after the email is routed — nothing is persisted.

What Herald never stores

  • Your plaintext email address
  • Your wallet public key (we store SHA-256 hashes only)
  • Any association between your email and wallet in our database

ZK receipts

Every email delivery produces a ZK-compressed receipt on Solana via Light Protocol. This gives you verifiable, immutable proof that notifications were delivered — without exposing your identity.

GDPR compliance

You can delete your on-chain identity at any time from the Preferences page. This permanently closes your IdentityAccount PDA and returns the rent to your wallet. All future notifications will be silently dropped.