No vague promises or compliance badges we haven’t earned. This is the full technical picture — every layer of encryption, every hosting decision, every service we self-host and why.
Every service that touches your data, where it runs, and why we chose it. From the browser to the data centre — every layer is something we operate ourselves.
Self-hosted in Switzerland. All PII columns encrypted with AES-256-GCM. Per-tenant keys.
Privacy-first model from Swiss National AI Initiative. Self-hosted — no data leaves Switzerland.
Own mail servers on Swiss infra. Every major email provider bans adult services in their TOS.
All layers self-hosted on Swiss infrastructure
Fields with lock icon are AES-256-GCM encrypted at rest
Every piece of personal information — client names, emails, phone numbers, session notes — is encrypted before it touches the database.
Authenticated encryption with unique random IVs for every field. The same standard banks use.
Each account gets its own encryption key. A breach of one cannot decrypt another account.
All connections use TLS 1.3. No downgrade attacks, no legacy cipher suites.
Client names, emails, phone numbers, notes, preferences — all encrypted. Our engineers can't read it.
Where your data lives determines who can legally access it. We chose Switzerland deliberately.
US law criminalising platforms. BlushDesk is not US-based and holds no data on US soil.
Lets US authorities compel data from American companies. We're not a US company — no jurisdiction.
Intelligence-sharing alliance. Switzerland is not a member and has no data-sharing agreements.
One of the strongest privacy frameworks in the world. Explicit consent, limited retention, strong individual rights.
Every external service in a typical SaaS stack — email delivery, AI inference, analytics, error tracking — is a place where your data goes somewhere you don’t control, governed by a Terms of Service you didn’t write.
We replaced all of them. Postal handles email on our hardware. Apertus runs the AI on our hardware. Matomo handles analytics on our hardware. There’s no third-party in the data path because there’s no third party at all.
Mailgun, SendGrid, Resend — All ban adult services in TOS
OpenAI, Google, Anthropic — Data sent to US companies
Google Analytics, Mixpanel — Adtech tracking of users
Sentry, Datadog — PII in error payloads
Security isn’t a one-time setup. These are the ongoing practices that keep your data safe.
Automated scanning of every npm package for known vulnerabilities before deployment.
API keys, database credentials, and encryption keys stored in environment variables — never in code.
Passwords hashed with bcrypt (cost factor 12). Short-lived JWT sessions. First-party only.
Uploaded files renamed to random UUIDs. No original filenames, no metadata retained.
Every form input validated server-side with Zod schemas. Protection against injection, XSS.
Strict CSP, X-Frame-Options, and hardened file-serving headers on all responses.
Join the private beta and see how a platform built for your industry actually protects you.
Free during the private beta. No credit card required.