End-to-end encrypted · Peer-to-peer

Private by design.
Encrypted by default.

B3 is a secure messenger built for people who mean it. Messages, calls, files and your personal vault, sealed with device-side cryptography that even our servers can't read.

Download the APK How it protects you
P-256 + AES-GCM Zero plaintext at rest Auto-burning messages
🔒 Live at bfree.st · signaling on ws.bfree.st
What B3 does

Everything you need to communicate. Built to stay private.

A full private-comms toolkit in one app: messaging, calls, file transfer, and an encrypted personal vault.

Encrypted Messaging

1-to-1 chats encrypted on your device before they ever touch the network. The server only ever sees opaque ciphertext.

Private P2P Calls

WebRTC voice/video over a direct peer connection with DTLS-SRTP media encryption. Call audio flows device-to-device.

Secure File Transfer

Send documents, photos and media end-to-end encrypted over the same channel, direct P2P when both peers are online.

Encrypted Vault

A private space for sensitive files, notes and your calendar, all locked behind the same on-device encryption.

Private Calendar

Events, reminders and birthdays with exact on-time alarms and deep-links, stored locally, never synced to the cloud.

QR Contact Pairing

Add contacts by scanning a QR code, exchanging identity keys in person so you know exactly who you're talking to.

Safety & Protection

Built like a vault, not a billboard

Every layer assumes the network, and even the server, is hostile. Here's what's standing between your data and everyone else.

True end-to-end encryption

Content is encrypted on your device with P-256 ECDH key agreement and AES-GCM. The server relays ciphertext it cannot decrypt.

Hardware-backed keys

Your identity keys live in the Android Keystore (StrongBox where available), generated and used inside secure hardware, never exported.

Encrypted local database

Chat history is stored in a SQLCipher database, keyed by a 256-bit secret sealed under a Keystore master key.

Burn-after-read & short retention

Messages can self-destruct on read, are deleted on delivery, and any undelivered copy is purged from the server within hours.

Duress & panic wipe

A duress passcode instantly destroys all local data: identity, sessions, the database and its key, leaving nothing to recover.

Certificate pinning

Every connection is pinned to trusted root CAs, blocking man-in-the-middle interception even if a CA is compromised.

Proof-of-possession login

You authenticate by signing a server challenge with your private key. No passwords to phish, and a stolen ID can't impersonate you.

Identifiers hashed at rest

User, device and prekey records are keyed by HMAC-SHA256 hashes, so the database doesn't hold your raw identity in the clear.

A fresh key for every message

Every message is sealed with its own one-time key, derived from a forward-ratcheting chain. No two messages share encryption, so compromising one message’s key leaves every other message sealed.

Burn-on-view Stories

Share a moment that burns the instant it's viewed. Screenshots are blocked, it stays strictly between the two of you, and vanishes once seen.

Under the hood

The encryption, in plain numbers

No mystery crypto. Standard, audited primitives, applied client-side, end to end.

P-256
ECDH curve
AES-GCM
Message cipher
X3DH
Key exchange
SQLCipher
Local DB · 256-bit

B3 uses an X3DH-style prekey bundle (an identity key, a signed prekey and one-time prekeys) so a session can be established even when a contact is offline. Call media rides a separate DTLS-SRTP encrypted P2P channel. Public keys are the only key material the server ever stores.

The perks

Why people choose B3

No phone number requiredYour identity is a cryptographic key, not your SIM.
Works offline tooStore-and-forward delivers when your contact reconnects.
Server can't read your messagesOnly ciphertext ever leaves your device.
Direct peer-to-peer deliveryWhen both online, messages and files skip the middleman.
App lock & duress wipeProtect the app, and nuke everything under coercion.
All-in-oneMessaging, calls, files, vault and calendar in one app.
Self-hostable backendGo signaling server + Postgres you can run yourself.
Minimal metadata footprintHashed identifiers and aggressive purging by default.
Enterprise

Private communications for business and institutions

Take B3's privacy to your whole organization. Self-hosted messaging, a managed VPN and private email, all running on infrastructure you control.

Private Messaging Infrastructure

Deploy B3 on your own servers. End-to-end encrypted chat, calls and file transfer for your entire team, with no outside party in the loop.

Managed Private VPN

A WireGuard-based VPN for your organization: secure remote access and encrypted tunnels between offices, sites and devices.

Private Email Service

Custom-domain mailboxes on infrastructure you control, with strong encryption and aggressive, minimal data-retention policies.

Dedicated & Compliant

Dedicated infrastructure, admin controls, onboarding and direct support, tailored to institutions with strict privacy and compliance needs.

Your servers or ours. Run B3 on our hardened, privacy-first servers, or deploy it entirely on a private server your organization owns and trusts.

Talk to our team

Take back your privacy.

Install B3 and start communicating on your terms: encrypted, peer-to-peer, and yours alone.

Download B3 for Android Explore features

B3 gives you strong content confidentiality. Like any messenger it needs some routing data to deliver your messages, but we don't keep it. The server auto-wipes everything every few hours: any logs we must hold for delivery get purged clean, metadata included. We believe in being honest about what encryption does and doesn't protect.