Incident Response Outline

Automated anomalies in relay traffic or reports from our Bug Bounty program.

Insights That Drive Secure Communication Forward

Table of content

01
So what is a Zero-knowledge Protocol?

Response Cycle

  • Detection: Automated anomalies in relay traffic or reports from our Bug Bounty program.
  • Containment: Isolate affected relay nodes; rotate infrastructure keys; pause specific API endpoints if necessary.
  • Eradication: Patch vulnerabilities; purge any potentially tainted temporary caches.
  • Recovery: Redeploy clean node images; restore service continuity.

Customer Notification

  • Severity 1 (Data Breach): Notified within 72 hours via in-app alert and email (if provided). Note: Since we store no message data, a "breach" is typically limited to metadata or service disruption.
  • Severity 2 (Service Degradation): Updated via our Status Page.

Preparedness

We conduct quarterly tabletop exercises simulating scenarios such as "Relay Node Compromise" and "ZKP Circuit Vulnerability" to ensure our team is battle-ready.

Related

Because Letro is built on a Trustless and Decentralized-first architecture, the concept of "data residency" differs from traditional centralized apps.

Data Residency & Infrastructure

Read More
Letro is built as a Proof-of-Service / Digital Registered Delivery platform.

Security Overview

Read More
Letro employs the Signal Protocol to ensure strict End-to-End Encryption (E2EE).

Encryption model

Read More