Common questions about Vega. If your question isn't answered here, email us at hello@vegamessenger.com — we usually reply within a day.
How do I sign up?
Open the app, tap "Sign up" on the welcome screen, and follow the onboarding:
1. Pick a username — lowercase letters, digits, or underscore,
3–32 characters, starting with a letter.
2. Choose a password — minimum 12 characters; the strength meter
will guide you to a secure one.
3. Optionally add a recovery email (you can leave this empty).
4. Write down your 24-word recovery code when it's
shown to you. This is the primary way to regain access if you
forget your password.
No phone number is required and Vega never asks for your contacts.
I forgot my password. How do I recover my account?
On the sign-in screen tap "restore with recovery code", enter your username and your 24-word recovery code (in order, with single spaces). You'll then set a new password.
If you also added a recovery email at signup, that's an independent second path — we can email you a recovery link. Without either the 24-word code or the recovery email, account recovery is not possible — by design: Vega's privacy guarantees mean we cannot reset a password from our side.
How do I delete my account?
Open Settings → scroll to the bottom → "Delete account" → confirm.
This immediately removes every server-side trace of your account: messages, media, contacts, identity keys, push tokens. The deletion is permanent and irreversible. There is no recovery window.
Are my messages really end-to-end encrypted?
Direct messages between two people use libsignal PQXDH — the same cryptographic library that powers Signal, with post-quantum protection. The server stores only ciphertext and cannot read your messages.
Group chats are protected in transit and at rest, but are not end-to-end encrypted yet — full E2E for groups is on the v2 roadmap. Voice and video calls run over LiveKit with end-to-end encrypted media (SFrame / AES-GCM, per-call key wrapped under your libsignal session).
How do I verify someone's identity?
Tap the peer's name at the top of the chat to open their profile. The "Peer's key" section shows a 16-character identity code. Read those characters to your peer in person, or over a separate trusted channel — if their device shows the same code, you're talking to the real person, end-to-end.
How do I report abuse or block someone?
Open the peer's profile (tap their name in the chat header) and choose "Report" or "Block".
A blocked user can't message you, and you won't see their messages. Reports are reviewed by our moderation team within 24 hours; users who violate the rules are removed.
Why does Vega use a username instead of a phone number?
Privacy. A phone number ties your identity to a physical SIM and leaks it to everyone you message. A username keeps your real-world identity separate — people can reach you without ever learning your phone number.
Why do some of my sent messages show a 🔒 "encrypted" placeholder, and how do I unlock my history?
Signal-protocol ciphertext can only be decrypted by the recipient, so after a reinstall or a fresh login your own sent messages can't be read from the server copy alone. Vega seals a second copy — a self-envelope — of each outgoing encrypted message with a key derived from your 24-word recovery phrase.
If you reinstalled the app on the same device, your history usually unlocks by itself. After signing in on a new device (or after a sign-out), open Settings → privacy → "unlock history" and enter your recovery phrase — your sent messages will decrypt on the device. Without the phrase the history stays sealed; nobody, including us, can open it.
Does Vega work without an internet connection?
You can read previously synced messages offline (Vega caches them on your device). New messages and calls require an internet connection.
Email hello@vegamessenger.com. Please include your username and a short description of what happened — we'll get back to you within one business day.
Report vulnerabilities to security@vegamessenger.com (machine-readable contact: security.txt). We read every report, respond to researchers acting in good faith, and never pursue legal action against honest security research. Please don't access other users' data while testing.