diff --git a/client-cpp-gui/include/blackwire/storage/client_state.hpp b/client-cpp-gui/include/blackwire/storage/client_state.hpp
index 5b212c1..b2def93 100644
--- a/client-cpp-gui/include/blackwire/storage/client_state.hpp
+++ b/client-cpp-gui/include/blackwire/storage/client_state.hpp
@@ -122,12 +122,9 @@ inline void from_json(const nlohmann::json& j, LocalMessage& v) {
 inline void from_json(const nlohmann::json& j, ConversationMeta& v) {
     v.peer_username = j.value("peer_username", "");
     v.peer_address = j.value("peer_address", "");
-    if (j.contains("last_preview")) {
-        const auto preview = j.value("last_preview", "");
-        v.last_preview = preview.empty() ? "" : "(encrypted message)";
-    } else {
-        v.last_preview = "";
-    }
+    // Never deserialize historical last_preview plaintext from disk into runtime state.
+    // This prevents resurfacing any sensitive previews that may have been persisted.
+    v.last_preview = "[encrypted message]";
     v.last_activity_at = j.value("last_activity_at", "");
 }
 
diff --git a/client-cpp-gui/tests/test_state_dedup.cpp b/client-cpp-gui/tests/test_state_dedup.cpp
index 789d716..559dce9 100644
--- a/client-cpp-gui/tests/test_state_dedup.cpp
+++ b/client-cpp-gui/tests/test_state_dedup.cpp
@@ -26,6 +26,6 @@ TEST(StateDedupTest, ConversationMetaRoundTrip) {
     ASSERT_TRUE(restored.conversation_meta.contains("conv-1"));
     const auto& loaded_meta = restored.conversation_meta.at("conv-1");
     EXPECT_EQ(loaded_meta.peer_username, "alice");
-    EXPECT_EQ(loaded_meta.last_preview, "hello");
+    EXPECT_EQ(loaded_meta.last_preview, "[encrypted message]");
     EXPECT_EQ(loaded_meta.last_activity_at, "2026-02-14T12:00:00Z");
 }