Anything you type, in plain text.
Can be read by their employees, contractors, and third-party partners.
Often used to train their next model.
Encrypted bytes only Maple’s enclave can read.
Hidden from our team, our partners, and everyone else.
Browser-side demo. AES-256-GCM with a session-only key.
Try in MapleLayered hardware-enforced protection, from your device to the AI model.
Audit it yourself.
Messages encrypted locally before leaving your device.
Decrypted only inside a hardware-isolated enclave.
AI inference inside a trusted execution environment.
Verifiable code with reproducible builds.
Both our client and server code are public. Reproducible builds and attestation let you confirm what's actually running.
A signed enclave attestation. Verify it yourself.
b3afd87f5c3b7f5b8d2cf04a91e87a3d6c1f4090c8b39b2e6a1d4f8e3c5a7b9d4f2e1a8c6b5d9e4f3a2b1c0d9e8f7a6b5
PCR0 matches remotely attested value
For technical details, check out the AWS Nitro Enclaves documentation .
Document signature verified with this public key
Certificate Chain:
Root Certificate
Subject: C=US, O=Amazon, OU=AWS, CN=aws.nitro-enclaves
Valid From: 10/28/2019, 8:28:05 AM
Valid Until: 10/28/2049, 9:28:05 AM
Calculated SHA-256: 641a0321a3e244efe456463195d606317ed7cdcc3c1756e09893f3c68f79bb5b
Expected root cert hash: 641a0321a3e244efe456463195d606317ed7cdcc3c1756e09893f3c68f79bb5b
Root certificate hash matches AWS root certificate
-----BEGIN CERTIFICATE----- MIICETCCAZagAwIBAgIRAPkxdWgbkK/hHUbMtOTn+FYwCgYIKoZIzj0EAwMwSTEL MAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRkwGQYD VQQDDBJhd3Mubml0cm8tZW5jbGF2ZXMwHhcNMTkxMDI4MTMyODA1WhcNNDkxMDI4 MTQyODA1WjBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQL DANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczMBMBAGByqGSM49AgEG BSuBBAAiA2IABPwCV0umCMHzaHDimtqQvkY4MpJzbolL//Zy2YlES1BR5TSksfbb 48C8WBoyt7F2Bw7eEtaaP+ohG2bnUs990dJX28TcPQXCEPZ3BABIeTPYwEoCWZE h8l5YoQwTcU/9KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkCW1DdkF R+eWw5b6cp3PmanfS5YwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kAMGYC -----END CERTIFICATE-----
Certificate 2
Subject: C=US, O=Amazon, OU=AWS, CN=b68b812f20558bd7.us-east-2.aws.nitro-enclaves
Valid From: 4/29/2026, 7:48:07 AM
Valid Until: 5/19/2026, 8:48:07 AM
Signature verified with chain
-----BEGIN CERTIFICATE----- MIIChDCCAgmgAwIBAgIQBABCDEFGhaVBoSLK4WTe8zgwCgYIKoZIzj0EAwMwSTEL ... (truncated for sample) -----END CERTIFICATE-----
Certificate 3
Subject: CN=41e1248bd847c447.zonal.us-east-2.aws.nitro-enclaves, OU=AWS, O=Amazon, C=US, ST=WA, L=Seattle
Valid From: 5/2/2026, 9:31:00 PM
Valid Until: 5/8/2026, 8:31:00 PM
Signature verified with chain
-----BEGIN CERTIFICATE----- MIIB5TCCAYqgAwIBAgIQABCDmxI0Qx5JCWDA6SL4WTe8zgwCgYIKoZIzj0EAwMw ... (truncated for sample) -----END CERTIFICATE-----
Certificate 4
Subject: C=US, ST=Washington, L=Seattle, O=Amazon, OU=AWS, CN=i-06c79bf817127030a.us-east-2.aws.nitro-enclaves
Valid From: 5/3/2026, 7:02:31 AM
Valid Until: 5/4/2026, 7:02:31 AM
Signature verified with chain
-----BEGIN CERTIFICATE----- MIIBxDCCAWqgAwIBAgIQAaBcDeFgHiJ4WTe8zgwCgYIKoZIzj0EAwMwSTEL ... (truncated for sample) -----END CERTIFICATE-----
Certificate 5
Subject: C=US, ST=Washington, L=Seattle, O=Amazon, OU=AWS, CN=i-06c79bf817127030a-enc019ddf7ee5826b2f.us-east-2.aws
Valid From: 5/3/2026, 9:50:30 AM
Valid Until: 5/3/2026, 12:50:33 PM
Signature verified with chain
-----BEGIN CERTIFICATE----- MIIBuTCCAV+gAwIBAgIRAPa1d2EFGhaVBoSLK4WTe8zgwCgYIKoZIzj0EAwMw ... (truncated for sample) -----END CERTIFICATE-----
Our code is open source: Maple client and OpenSecret server .
Not all privacy claims are created equal. Here's how the approaches compare.
Technical facts for evaluating Maple's security architecture.
Hardware Isolation. AWS Nitro Enclaves provide CPU-level isolation with no persistent storage, no admin access, and no external networking.
Code Integrity. Enclave images are measured at boot. The PCR0 hash uniquely identifies the exact code running inside.
Remote Attestation. A cryptographic attestation document, signed by AWS Nitro hardware, proves the enclave's identity and integrity.
Reproducible Builds. Anyone can build our open-source code from GitHub and compare the resulting hash against the live attestation.
Minimal Trust Model. You trust the hardware (AWS Nitro) and the code (open source). No employees, no third parties, no master keys.
Per-User Encryption. Data outside the enclave is stored as encrypted blobs per user. Decryption keys live inside the TEE and on user devices.
Questions? Reach us at [email protected]
A TEE is a hardware-isolated area of a processor that runs code in a secure enclave. Even the server operator cannot access data inside the enclave. AWS Nitro Enclaves, which Maple uses, strip away all external access: no SSH, no admin console, no persistent storage outside the enclave. The only way in or out is through a narrow, measured communication channel.
Similar concept, different implementation. Apple's Private Cloud Compute uses custom silicon with Secure Enclave. Maple uses AWS Nitro Enclaves with attestation-verified code. Both approaches use hardware isolation to ensure that even the service operator cannot access user data during processing.
Your account has its own private key derived from your credentials. Chat history is encrypted with this key before leaving your device and stored in encrypted form on our servers. When you log in on another device, your key is re-derived and used to decrypt your data locally.
Your trust assumptions are minimal and verifiable:
Yes. Our server code is open source . The attestation document on this page is fetched live from our enclave and verified against AWS's root certificate. You can independently reproduce the build, compare the PCR0 hash, and confirm that the code running in production matches the published source.
