Last updated: March 24, 2026
Most privacy policies consist of promises that a company will not look at your data. At Balon AI, we are building an architecture designed to ensure that we cannot look at your data where encryption is active.
Our infrastructure is being built on a Zero-Trust Architecture (ZTA) utilizing Client-Side End-to-End Encryption. Where active, your data is encrypted inside your browser using a Master Encryption Key (MEK) derived from your password via PBKDF2 (100,000 iterations). We never receive your password in plaintext, and we never receive your MEK. Encryption coverage is expanding and may not apply to all features at this time. For data protected by active E2EE, we only store computationally unreadable ciphertexts.
The following data is actively protected by client-side end-to-end encryption. Balon AI cannot read this data:
If we are served with a subpoena or warrant for the above data, we can only provide encrypted ciphertexts, which are useless without your password.
The following data is currently stored in plaintext on our servers. We are actively expanding encryption coverage to include these:
To operate the service, route requests, process billing, and manage organizations, we do have access to certain unencrypted metadata:
While your data is secure in transit and at rest on our servers, it is briefly decrypted within your browser's memory to provide a seamless application experience. Our privacy guarantees end at your device's boundary. It is your responsibility to ensure your local environment is free from malware, keyloggers, and unauthorized physical access.