# Sessions

> Sessions is a non-custodial guard for your Telegram account. It watches for new logins and automatically removes any device that isn't you, and blocks hostile 2FA-password resets. It runs inside a hardware-attested AWS Nitro enclave whose complete open-source code provably cannot read your messages. You hold the keys; every action is visible in your dashboard.

## Core pages
- [How it works](https://www.sessions.fyi/how-it-works): the security model, the live hardware attestation, and how to verify the exact code running yourself.
- [About](https://www.sessions.fyi/about): what Sessions is and who is behind it.
- [Privacy and Terms](https://www.sessions.fyi/legal): privacy and terms.

## Proof and source
- [Machine-readable verification summary](https://www.sessions.fyi/verify.json): the expected enclave fingerprint (PCR0) and the exact verification recipe.
- [Open-source enclave gateway](https://github.com/Danimal01/enclave-gateway): the complete source of the guard, including the allowlist of every Telegram method it can ever call.

## What it can and cannot do
- CAN: detect new logins, remove sessions that are not on your signed keep-list, decline hostile 2FA-password resets, and surface these events to you.
- CANNOT: read or send your messages, see your chats, contacts, or files, or change your password. There is no method for any of these in the code.