Push Notifications
Without Surveillance

End-to-end encrypted. The server sees only sealed envelopes — never your content.

Get Started How It Works
E2E

End-to-End Encrypted

X25519 key exchange + XChaCha20-Poly1305. The server is a blind relay — it cannot read your messages.

WS

Real-Time WebSocket

Instant delivery via persistent WebSocket. No polling, no delay. With exponential backoff reconnection.

SDK

Multi-Platform SDKs

Android (Kotlin), iOS (Swift), Web (TypeScript), Python, Go, Node.js, PHP. All with E2E built in.

FCM

Hybrid Wake-Up

FCM/APNs as empty doorbell — actual content fetched via encrypted channel. Works offline.

SH

Self-Hostable

Single Go binary, 512MB RAM. Your data stays on your server. Full control.

OS

Open Source

Fully auditable code. No proprietary dependencies. GDPR documentation included.

How It Works

1

Device Registers

Generates X25519 + Ed25519 keypair. Private key stays on device (Keystore/Keychain). Public key sent to server.

2

Sender Encrypts

Fetches device public key. ECDH + HKDF derives shared secret. XChaCha20-Poly1305 encrypts the message.

3

Server Relays

Receives sealed envelope. Delivers via WebSocket or queues for polling. Cannot read the content.

4

Device Decrypts

ECDH with own private key + sender's ephemeral key. Derives same shared secret. Decrypts message.

5 Lines to Send a Push

# Python
from aeu_push import AeuPush

push = AeuPush('apk_xxx', 'aps_xxx')
push.send('aeu_device_token', 'Hello World!')
# E2E encrypted automatically

AEU Push vs FCM/APNs

AEU Push FCM / APNs
E2E EncryptionBuilt-inNone
Server reads contentNeverAlways
Self-hostableYesNo
Google/Apple dependencyOptional wake-up onlyRequired
Open sourceYesNo
GDPR compliantBy designRequires DPA
Works without Play ServicesYesNo