How it works: Your message is encrypted in the browser using ECIES (secp256k1 + AES-GCM) before upload. The server only ever holds ciphertext. The recipient connects their wallet, signs a challenge, then signs a deterministic keypair message to derive their decryption key locally. The gate is deleted immediately on first read.