Handle and Distribute Private Keys

Hey there, an obvious question that would come up from security experts related to your service. How is the private key for these accounts distributed? How do people know that a 3rd party doesn’t have access to our private keys generated through FlowCrypt?


When generating private keys in FlowCrypt, you can do either a simple or manual setup.

The manual setup gives you full control over how your key is handled.

The simple setup will protect your key with your passphrase by default and store it in your inbox. The security of your key then depends on the strength of your passphrase, which is why FlowCrypt requires such a long passphrase when creating a new key.

Please also see our Privacy Policy - it’s very readable.

The code itself is publicly available at the FlowCrypt GitHub repo.