TailSpin Interactive LLC

I built a recovery app after a data breach exposed 600K users' most private moments

Earlier this year, the leading pornography recovery app suffered a breach that exposed over 600,000 users' journal entries, behavioral data, and private confessions. Around 100,000 of those users identified as minors.

I had been building Hexys before that happened, but when the breach came out it crystallized something I already believed: in a category where people share their most vulnerable moments, privacy needs to be more than just a promise - it has to be the architecture.

So here is what we built differently:

  • Journal entries in Hexys are encrypted on the user's device before they ever reach our servers using AES-256-GCM zero-knowledge encryption. We store only ciphertext, so we cannot read users' sensitive data even if we wanted to.

  • We also made it policy to not have any ads, nor behavioral profiling, nor data sales. Our users' data is theirs alone.

  • We added extra features for those that want accountability support, but want to stay anonymous - introducing Pods, a group of like-minded people on the same growth path, supporting each other anonymously in Hexys.

The bigger vision of Hexys is a modular platform for compulsive digital habits. Module 1 is pornography recovery. Module 2 is social media detox. The privacy foundation carries through everything we build.

Launching on iOS April 17th.

Happy to talk about the build process, the encryption architecture, or anything else.

TestFlight is live now if anyone wants to try it before launch: https://testflight.apple.com/join/4ABkJXBa
