Private rooms are access-controlled
Private rooms are not listed for browsing. Joining requires the invite link, and database reads are scoped so private room posts and replies are returned through guarded access paths.
Security and privacy
Security that keeps the product usable.
Korume is built for small groups, so privacy matters. The current model focuses on access control, honest defaults, and useful notifications. It is not end-to-end encrypted today.
Database reads and writes are restricted
Korume uses Supabase row-level security and database functions to limit broad public table access, validate membership before posting, and keep edit/delete actions tied to the original author.
Profiles can be claimed
You can start with a lightweight local profile, then claim it with a magic link so the same identity can follow you across browsers and devices.
Notifications stay useful
Korume is not end-to-end encrypted today, which allows notification previews, typing indicators, link previews, and other real-time features to keep working.
What this means in plain English
- Traffic is served over HTTPS.
- Private groups use invite links and membership checks.
- Post and reply creation requires group membership.
- Post and reply edits/deletes are checked against the author profile id.
- Uploaded avatars and message images are stored in Supabase Storage and may be viewable by anyone who has the generated file URL.
- Operating system notifications may show message previews if you enable popups.
Not end-to-end encrypted
Full end-to-end encryption would make features like notification text, link previews, and easy recovery much harder. Korume may add optional locked rooms later, but the current version is best described as access-controlled group chat, not encrypted messaging.
Last updated May 13, 2026.