diff --git a/next.config.js b/next.config.js
index 16538a4..240e214 100644
--- a/next.config.js
+++ b/next.config.js
@@ -1,3 +1,19 @@
+// Security headers applied to every response. We deliberately do NOT set a
+// restrictive script-src/style-src CSP here: the app relies on inline styles,
+// Next.js inline bootstrap scripts, the crawlproof.com analytics script, and
+// Supabase image/websocket origins, so an enforcing CSP would break it. We only
+// set `frame-ancestors` (clickjacking protection) plus the other low-risk
+// hardening headers. HSTS only affects HTTPS responses (ignored over the Tor
+// http onion service, which is fine).
+const securityHeaders = [
+ { key: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' },
+ { key: 'X-Content-Type-Options', value: 'nosniff' },
+ { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
+ { key: 'Content-Security-Policy', value: "frame-ancestors 'self'" },
+ { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+ { key: 'Permissions-Policy', value: 'geolocation=(), browsing-topics=()' },
+];
+
/** @type {import('next').NextConfig} */
const nextConfig = {
reactStrictMode: true,
@@ -6,6 +22,9 @@ const nextConfig = {
eslint: {
ignoreDuringBuilds: true,
},
+ async headers() {
+ return [{ source: '/:path*', headers: securityHeaders }];
+ },
};
export default nextConfig;
diff --git a/public/llms-full.txt b/public/llms-full.txt
new file mode 100644
index 0000000..614435f
--- /dev/null
+++ b/public/llms-full.txt
@@ -0,0 +1,91 @@
+# QryptChat — Full Content
+
+> Quantum-resistant, end-to-end encrypted messaging by Profullstack, Inc.
+> Concatenated Markdown of the key public pages for LLM/RAG ingestion.
+
+## Home
+
+QryptChat is quantum-resistant, end-to-end encrypted messaging. It uses NIST-approved
+post-quantum algorithms — ML-KEM-1024 (CRYSTALS-Kyber) for key encapsulation and
+CRYSTALS-Dilithium for digital signatures — to protect messages, files, and calls against
+both current attackers and future quantum computers. It is free, open source (MIT),
+self-hostable, and accessible over Tor.
+
+How it works:
+
+1. Register with a phone number. A one-time SMS code verifies you — no email and no password.
+2. Keys are generated on your device. Your ML-KEM-1024 key pair never leaves your device, so
+ QryptChat cannot read your messages (zero-knowledge architecture).
+3. Every message is encrypted end-to-end — text, files, and voice & video calls.
+4. Stay private everywhere: use the web app or the Tor onion service, and self-host from the
+ open-source repository.
+
+Built for privacy-conscious individuals, journalists, activists, and security-minded teams.
+
+## About
+
+QryptChat is built by Profullstack, Inc. (founded 2024). Team: Anthony Ettinger
+(Founder & Developer) and mrpthedev (Developer). Mission: make communication that stays
+private for decades using cryptography already standardized by NIST, kept open source so it
+can be independently verified and self-hosted.
+
+## Security
+
+- Key encapsulation: ML-KEM-1024 (CRYSTALS-Kyber), NIST FIPS 203.
+- Digital signatures: CRYSTALS-Dilithium (ML-DSA), NIST FIPS 204.
+- Coverage: text messages, file transfers, and 1:1 and group voice & video calls are end-to-end encrypted.
+- Key custody: private keys are created and stored on-device; the server only ever sees ciphertext.
+- Why post-quantum: defends against "harvest now, decrypt later" attacks.
+- Privacy & resilience: phone-number auth (no email/password), no ads or trackers, Tor access,
+ a public warrant canary, and MIT-licensed self-hostable source.
+- Responsible disclosure: security@qrypt.chat and /.well-known/security.txt.
+
+## Pricing & Premium
+
+QryptChat is free and open source (MIT). All core messaging, calling, and encryption features
+are free, and you can self-host. An optional paid Premium tier is in development.
+
+| Feature | Free | Premium (coming soon) |
+| --- | --- | --- |
+| Post-quantum end-to-end encryption | yes | yes |
+| Encrypted voice & video calls | yes | yes |
+| Disappearing messages & file sharing | yes | yes |
+| Tor access & self-hosting | yes | yes |
+| Price | $0 forever | TBA |
+
+## FAQ
+
+Q: Is QryptChat free?
+A: Yes — free and open source (MIT). Optional Premium tier is in development.
+
+Q: What platforms does QryptChat run on?
+A: Any modern web browser, plus installable as a PWA on Android, iOS, and desktop, and reachable over Tor.
+
+Q: What makes QryptChat quantum-resistant?
+A: It encrypts with ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium, protecting against
+"harvest now, decrypt later" attacks.
+
+Q: How is QryptChat different from Signal?
+A: It uses post-quantum cryptography by design, is MIT-licensed and self-hostable, and is accessible over Tor.
+
+Q: Does QryptChat require an email or password?
+A: No — sign up with a phone number and an SMS code.
+
+Q: Can I self-host QryptChat?
+A: Yes — https://github.com/profullstack/qryptchat-web
+
+Q: Can QryptChat read my messages?
+A: No — keys are generated on your device and the server only handles ciphertext.
+
+## Company
+
+- Name: Profullstack, Inc.
+- Product: QryptChat
+- Founded: 2024
+- Team: Anthony Ettinger (Founder & Developer), mrpthedev (Developer)
+- Support: support@qrypt.chat
+- Security: security@qrypt.chat
+- Business: business@qrypt.chat
+- GitHub: https://github.com/profullstack/qryptchat-web
+- License: MIT
+- Pricing: Free / open source
diff --git a/public/llms.txt b/public/llms.txt
index 13e34f5..be69944 100644
--- a/public/llms.txt
+++ b/public/llms.txt
@@ -9,6 +9,8 @@ QryptChat uses NIST-approved post-quantum algorithms (ML-KEM-1024 / CRYSTALS-Kyb
- [Home](https://qrypt.chat/) — Product overview and feature highlights
- [About](https://qrypt.chat/about) — Mission, team, and differentiators
- [Security](https://qrypt.chat/security) — Encryption algorithms, zero-knowledge architecture, audit status
+- [FAQ](https://qrypt.chat/faq) — Common questions about pricing, platforms, and post-quantum encryption
+- [Pricing & Premium](https://qrypt.chat/premium) — Free vs. Premium tiers (free and open source)
- [Encryption Test](https://qrypt.chat/encryption-test) — Live ML-KEM-1024 demo in the browser
- [Contact](https://qrypt.chat/contact) — Support, security, and business contact emails
- [Privacy Policy](https://qrypt.chat/privacy) — Data minimization, GDPR rights, no ads or tracking
diff --git a/src/app/about/page.jsx b/src/app/about/page.jsx
index dbb35c7..3ee2f6f 100644
--- a/src/app/about/page.jsx
+++ b/src/app/about/page.jsx
@@ -1,9 +1,55 @@
+export const metadata = {
+ title: 'About',
+ description:
+ 'QryptChat is quantum-resistant, end-to-end encrypted messaging by Profullstack, Inc. Learn about our mission, our team, and why we built a post-quantum messenger.',
+ alternates: { canonical: '/about' },
+ openGraph: { url: '/about', title: 'About QryptChat' },
+};
+
+const containerStyle = { padding: '4rem 0', maxWidth: '760px' };
+const paraStyle = { fontSize: '1.0625rem', lineHeight: 1.8, color: 'var(--color-text-secondary)', margin: '0 0 1.25rem' };
+const h2Style = { fontSize: '1.5rem', fontWeight: 700, margin: '2.5rem 0 1rem' };
+
export default function AboutPage() {
return (
-
-
About QryptChat
-
- QryptChat is a quantum-resistant, end-to-end encrypted messaging platform. Built with ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium — NIST-approved post-quantum algorithms — your conversations are safe against both current and future threats including quantum computers.
+
+
About QryptChat
+
+
+ QryptChat is a quantum-resistant, end-to-end encrypted messaging platform built by{' '}
+ Profullstack, Inc. (founded 2024). It uses ML-KEM-1024 (CRYSTALS-Kyber) and
+ CRYSTALS-Dilithium — NIST-approved post-quantum algorithms — so your conversations stay private
+ against both today's attackers and tomorrow's quantum computers.
+
+
+
Our mission
+
+ Most messengers were designed for a world without quantum computers. Encrypted traffic captured
+ today can be stored and decrypted later once large-scale quantum hardware arrives — a
+ “harvest now, decrypt later” attack. Our mission is to make communication that is
+ private not just today but decades from now, using cryptography that is already standardized by
+ NIST, and to keep it open source so anyone can verify and self-host it.
+
+
+
What makes QryptChat different
+
+
Post-quantum end-to-end encryption using ML-KEM-1024 and CRYSTALS-Dilithium.
+
Phone-number sign-up — no email address and no password required.
+
Encrypted voice & video calls, disappearing messages, and file sharing.
+
Open source under the MIT license and fully self-hostable.
+
Accessible over Tor as a hidden service, plus a public warrant canary.
);
}
diff --git a/src/app/faq/page.jsx b/src/app/faq/page.jsx
new file mode 100644
index 0000000..797de0b
--- /dev/null
+++ b/src/app/faq/page.jsx
@@ -0,0 +1,68 @@
+export const metadata = {
+ title: 'FAQ',
+ description:
+ 'Frequently asked questions about QryptChat: is it free, what platforms it runs on, how post-quantum encryption works, whether you can self-host, and how it compares to Signal.',
+ alternates: { canonical: '/faq' },
+ openGraph: { url: '/faq', title: 'QryptChat FAQ' },
+};
+
+const faqs = [
+ {
+ q: 'Is QryptChat free?',
+ a: 'Yes. QryptChat is free and open source under the MIT license. All core messaging, calling, and encryption features are available at no cost, and you can self-host it. An optional paid Premium tier is in development.',
+ },
+ {
+ q: 'What platforms does QryptChat run on?',
+ a: 'QryptChat runs in any modern web browser and installs as a Progressive Web App on Android, iOS, and desktop. It is also reachable as a Tor hidden service.',
+ },
+ {
+ q: 'What makes QryptChat quantum-resistant?',
+ a: 'QryptChat encrypts messages, files, and calls with NIST-approved post-quantum algorithms: ML-KEM-1024 (CRYSTALS-Kyber) for key encapsulation and CRYSTALS-Dilithium for digital signatures. These protect against "harvest now, decrypt later" attacks where traffic recorded today is decrypted once quantum computers exist.',
+ },
+ {
+ q: 'How is QryptChat different from Signal?',
+ a: 'Like Signal, QryptChat offers end-to-end encrypted messaging and calls with phone-number sign-up. The key difference is that QryptChat uses post-quantum cryptography (ML-KEM-1024 and CRYSTALS-Dilithium) by design, is MIT-licensed and self-hostable, and is accessible over Tor.',
+ },
+ {
+ q: 'Does QryptChat require an email address or password?',
+ a: 'No. You register with a phone number and a one-time SMS verification code. There is no password to leak and no email address to collect.',
+ },
+ {
+ q: 'Can I self-host QryptChat?',
+ a: 'Yes. QryptChat is open source and self-hostable. The full source code is available at github.com/profullstack/qryptchat-web.',
+ },
+ {
+ q: 'Can QryptChat read my messages?',
+ a: 'No. Encryption keys are generated on your device and never sent to our servers, so QryptChat operates on a zero-knowledge basis and only ever handles ciphertext.',
+ },
+];
+
+const faqJsonLd = {
+ '@context': 'https://schema.org',
+ '@type': 'FAQPage',
+ mainEntity: faqs.map(({ q, a }) => ({
+ '@type': 'Question',
+ name: q,
+ acceptedAnswer: { '@type': 'Answer', text: a },
+ })),
+};
+
+const containerStyle = { padding: '4rem 0', maxWidth: '760px' };
+
+export default function FaqPage() {
+ return (
+
+
+
Frequently Asked Questions
+ {faqs.map(({ q, a }) => (
+
+
{q}
+
{a}
+
+ ))}
+
+ );
+}
diff --git a/src/app/home-content.jsx b/src/app/home-content.jsx
new file mode 100644
index 0000000..eb2e898
--- /dev/null
+++ b/src/app/home-content.jsx
@@ -0,0 +1,135 @@
+'use client';
+
+import Link from 'next/link';
+import { useI18n } from '@/lib/hooks/useI18n.js';
+
+export default function HomeContent() {
+ const { t } = useI18n();
+
+ return (
+ <>
+
+
+
+
+
{t('app.name')}
+
{t('app.tagline')}
+
{t('app.description')}
+
+ {t('nav.register')}
+ {t('nav.login')}
+
+
+
+
+
+
+
+
+
+
+
+
+
Why Choose QryptChat?
+
Built for the future of secure communication
+
+
+ {[
+ { num: '01', title: 'Post-Quantum Cryptography', desc: 'Uses ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium algorithms approved by NIST for quantum resistance.' },
+ { num: '02', title: 'Phone Number Authentication', desc: 'Simple and secure registration using your phone number with SMS verification.' },
+ { num: '03', title: '🔐 Encrypted Voice & Video Calls', desc: 'Crystal-clear 1:1 and group calls protected with ML-KEM-1024 post-quantum encryption.' },
+ { num: '04', title: 'Real-time Messaging', desc: 'Instant message delivery with typing indicators and read receipts.' },
+ { num: '05', title: 'Multi-language Support', desc: 'Available in multiple languages with full internationalization support.' },
+ ].map(({ num, title, desc }) => (
+
+
{num}
+
{title}
+
{desc}
+
+ ))}
+
+
+
+
+
+
+
+
How QryptChat Works
+
Private by design — no email, no passwords, no message access.
+
+
+
Register with a phone number. A one-time SMS code verifies you — no email address and no password to leak.
+
Keys are generated on your device. Your ML-KEM-1024 key pair never leaves your device, so QryptChat cannot read your messages.
+
Every message is encrypted end-to-end. Text, files, and voice & video calls are protected with NIST-approved post-quantum algorithms.
+
Stay private, everywhere. Use QryptChat on the web or over Tor, and self-host it from the open-source (MIT) repository.
+
+
+ Built for privacy-conscious individuals, journalists, activists, and security-minded teams who need
+ communication that stays private even against future quantum computers.
+
- {[
- { num: '01', title: 'Post-Quantum Cryptography', desc: 'Uses ML-KEM-1024 (CRYSTALS-Kyber) and CRYSTALS-Dilithium algorithms approved by NIST for quantum resistance.' },
- { num: '02', title: 'Phone Number Authentication', desc: 'Simple and secure registration using your phone number with SMS verification.' },
- { num: '03', title: '🔐 Encrypted Voice & Video Calls', desc: 'Crystal-clear 1:1 and group calls protected with ML-KEM-1024 post-quantum encryption.' },
- { num: '04', title: 'Real-time Messaging', desc: 'Instant message delivery with typing indicators and read receipts.' },
- { num: '05', title: 'Multi-language Support', desc: 'Available in multiple languages with full internationalization support.' },
- ].map(({ num, title, desc }) => (
-
-
{num}
-
{title}
-
{desc}
-
- ))}
-
-
-
-
-
+
+
>
);
}
diff --git a/src/app/premium/page.jsx b/src/app/premium/page.jsx
index 3c6d63b..176ca07 100644
--- a/src/app/premium/page.jsx
+++ b/src/app/premium/page.jsx
@@ -1,8 +1,49 @@
+export const metadata = {
+ title: 'Pricing & Premium',
+ description:
+ 'QryptChat is free and open source. See what is included for free and what is coming to QryptChat Premium.',
+ alternates: { canonical: '/premium' },
+ openGraph: { url: '/premium', title: 'QryptChat Pricing & Premium' },
+};
+
+const containerStyle = { padding: '4rem 0', maxWidth: '760px' };
+const cellStyle = { border: '1px solid var(--color-border)', padding: '0.6rem 0.9rem', textAlign: 'left', fontSize: '0.95rem' };
+const thStyle = { ...cellStyle, background: 'var(--color-bg-secondary)', fontWeight: 600 };
+
export default function PremiumPage() {
return (
-
-
QryptChat Premium
-
Premium features coming soon.
+
+
Pricing & Premium
+
+ QryptChat is free and open source (MIT). Every core messaging, calling, and
+ encryption feature is available at no cost, and you can always self-host from the{' '}
+ source repository.
+ Premium is an optional paid tier for power users — it is in development.
+
+
+
+
+ QryptChat plans
+
+
+
+
Feature
+
Free
+
Premium (coming soon)
+
+
+
+
Post-quantum end-to-end encryption
✓
✓
+
Encrypted voice & video calls
✓
✓
+
Disappearing messages & file sharing
✓
✓
+
Tor access & self-hosting
✓
✓
+
Price
$0 forever
TBA
+
+
+
+
+ Want early access or have a use case in mind? Contact us.
+
QryptChat uses ML-KEM-1024 (CRYSTALS-Kyber) for key encapsulation and CRYSTALS-Dilithium for digital signatures — both NIST-approved post-quantum algorithms.
+
+
Security
+
+
+ QryptChat is built so that only you and the people you talk to can read your messages. Encryption
+ keys are generated on your device and never shared with our servers, giving QryptChat a
+ zero-knowledge architecture: we cannot read your messages, calls, or files even if compelled to.
+
+
+
Cryptography
+
+
Key encapsulation: ML-KEM-1024 (CRYSTALS-Kyber), a NIST-standardized post-quantum KEM (FIPS 203).
+
Digital signatures: CRYSTALS-Dilithium (ML-DSA), NIST-standardized post-quantum signatures (FIPS 204).
+
Coverage: text messages, file transfers, and 1:1 and group voice & video calls are all end-to-end encrypted.
+
Key custody: private keys are created and stored on your device; the server only ever sees ciphertext.
+
+
+
Why post-quantum
+
+ Adversaries can record encrypted traffic today and decrypt it years later once large-scale quantum
+ computers exist — the “harvest now, decrypt later” threat. Using NIST-approved
+ post-quantum algorithms protects your conversations against that future, not just against
+ classical attackers today.
+
+
+
Privacy & resilience
+
+
Phone-number authentication with no email and no password to breach.
+
No ads and no third-party advertising trackers.
+
Accessible over Tor as a hidden service for censorship resistance.