Connection lost
Attempting to reconnect
Something went wrong
Attempting to reconnect
sTELgano
stel·GAH·no
The messaging app hidden in your contacts.
No accounts. No chat history. No metadata. Your browser encrypts everything locally with AES-256-GCM before it ever touches a server. The server only sees ciphertext.
Why sTELgano
Privacy that doesn't advertise itself.
Most privacy apps scream "I have something to hide." sTELgano takes a different approach—starting with the name itself, which is designed to mean nothing to a casual observer. Your encrypted channel lives inside a phone number saved in your contacts—invisible to anyone who picks up your phone.
Invisible by Design
No app icon to explain. No suspicious chat logs. Just a phone number in your contacts that opens a fully encrypted channel in your browser.
Zero-Knowledge Server
The server never sees your phone number, your PIN, or your messages. It stores only SHA-256 hashes and AES-256-GCM ciphertext. Even a full database breach reveals nothing.
No Accounts, No Traces
No email signup. No phone verification. No profile picture. You generate a number, pick a PIN, and start chatting. Close the tab and the session is gone.
How it Works
Three steps. Under a minute.
Generate a Steg Number
Use our generator to create a random phone number for any country. Save it in your partner's phone as a normal contact. They save one in yours. That's your secret handshake.
Choose Your PIN
Each person picks their own PIN. This PIN never leaves your device—it's hashed locally and used to prove you have the right to access the room. Forget it and you're locked out forever. By design.
Open the Channel
Enter the steg number and your PIN. Your browser derives the encryption key using PBKDF2 with 600,000 iterations, connects to the room, and you're chatting with end-to-end encryption. No registration required.
Security Model
Transparent about what we store.
We believe you should know exactly what data touches our servers. Here's the full picture—no fine print, no exceptions.
What the server stores
-
Room hash — SHA-256 of the steg number. Cannot be reversed to the original number.
-
Access hash — SHA-256 of number + PIN. Proves access rights without revealing the PIN.
-
Encrypted messages — AES-256-GCM ciphertext. Unreadable without the client-side key.
-
TTL expiry timer — Optional room self-destruct timestamp. Nothing else.
What the server never sees
-
Phone numbers — Only hashes. The server cannot determine the original steg number.
-
PINs — Hashed client-side before transmission. Never stored or logged in any form.
-
Plaintext messages — Encrypted in your browser before sending. Decrypted only on the recipient's device.
-
Encryption keys — Derived via PBKDF2 in your browser. Never transmitted. Never stored.
-
IP addresses — Stripped from logs within 48 hours. Never correlated with rooms.
Use Cases
Built for people who need real discretion.
Personal Privacy
Communicate with a trusted person without leaving any trace on your device. No app to delete. No chat history to clear.
Confidential Sources
Journalists and researchers can receive tips through an untraceable channel. No account links the source to the conversation.
Sensitive Coordination
Activists, whistleblowers, and human rights workers can coordinate without creating a digital trail that can be subpoenaed.
Cross-Border Communication
Works from any browser in any country. No app store download required. No phone number verification. Just a URL.
Under the Hood
Serious cryptography. Simple interface.
Open source. Auditable. Forkable.
sTELgano is licensed under AGPL-3.0. Every line of code—server, client, and cryptographic logic—is publicly available for audit. Don't trust us. Read the source. Run your own instance. Privacy software you can't inspect is privacy software you can't trust.
Ready to chat privately?
Generate a steg number, share it with someone you trust, and open a channel that only the two of you can access.