End-to-end encrypted by default

Secure communications
for regulated UK organisations.

End-to-end encrypted messaging, calls and meetings, with the retention, legal-hold and discovery controls a regulated firm actually needs. Built for law firms, FCA-regulated advisers, accountants, healthcare clinics, defence suppliers, local-government contractors, registered charities and lettings agents — anyone where "good enough" isn't.

30-minute sandbox · no credit card · auto-deleted when you leave

End-to-end encryptedBy default, everywhere
UK / EU data residencySelf-host on your perimeter
Compliance-gradeRetention, legal hold, discovery
No ads, no data miningYou're the customer, not the product
Chattriix Colab — end-to-end encrypted conversation
Private by construction

Plaintext on devices.
Sealed everywhere else.

End-to-end encryption isn't a feature here — it's the architecture. Your conversations are readable on your device and the recipient's. Not on ours, not in transit, not at rest.

End-to-end encryption journey from sender to recipient

Keys live on devices

Each device generates and holds its own keys. Nothing key-shaped lives on our servers.

Forward-protected

If a key is ever compromised, past conversations stay protected. Sessions heal themselves.

Not us. Ever.

There is no admin override, no support peek, no "we'll look into it for you".

Features

Everything a regulated team needs.
Without the consumer-app baggage.

End-to-end encryption

Every message and call is encrypted on your device before it leaves. Built on widely audited cryptographic foundations.

Voice, video & group meetings

One-to-one and multi-party group calls with screen-sharing, background blur, picture-in-picture, pinned-speaker view, live network-quality indicators, hand-raise and emoji reactions. Native lock-screen ringing — calls feel like calls, not notifications.

Group chats, done properly

Encrypted group threads with @mentions, replies, edits, reactions, forward-with-attribution, pinned messages, per-recipient delivered & read status, and disappearing-message timers. Every message stays end-to-end encrypted as members join and leave.

Multi-device sync

Use the same account on your phone, tablet, and laptop. Each device has its own keys, so adding or removing a device never compromises the rest.

Search that respects privacy

Within-conversation search and global cross-thread search — but the index lives on your device, not on our servers. We can't read your search history because we don't have it.

Media & call recording

Photos, voice notes, videos and files travel under the same end-to-end protection as your messages. Record meetings with two-side consent banners; share recordings via password-protected links that expire.

App Lock + biometrics

Face ID, Touch ID, or fingerprint required to open the app — separate from your device unlock. So if a colleague borrows your unlocked laptop, your messages stay private.

Push notifications

Native push on iOS (APNs) and Android (FCM), plus web push for desktop. Notifications carry no message content — your device decrypts the payload locally.

Verified identity

Out-of-band safety numbers let people prove who they're talking to via a QR code. Administrators can sign their staff's keys for an extra "Verified by your organisation" indicator — Signal-style trust, scoped to your firm.

Self-hostable

For organisations that need their data to stay on their own infrastructure. Designed with UK / EU data residency, sovereignty, and right-to-erasure in mind from day one.

See it in action

The chat your team will
actually want to use.

Modern, fast, mobile-first — the kind of interface staff stop comparing to WhatsApp because it doesn't suffer by comparison. Built for sensitive conversations.

1:1 & group conversations

Encrypted bubbles, identity badges, read receipts.

Everything you expect from a modern messenger, with classification and verification baked into every conversation header. Internal, external, guest — at a glance.

  • Threaded replies, reactions, edits
  • Voice notes, files, image previews
  • Per-recipient delivered & read in groups
  • @mentions and pinned messages
Group conversation with members, reactions, retention policy and legal hold

Calls & meetings

Encrypted calls that respect everyone in the room.

Voice, video, group meetings. Recording requires explicit consent from every participant — and the recording is encrypted on the way out, just like the call itself.

  • 1:1 and group meetings
  • Picture-in-picture and background blur
  • Consent-first recording with per-participant ack
  • Screen-share, hand-raise, pinned speaker
Encrypted group call with consent-first recording, screen-share and network-quality indicators

Identity you can trust

Verified by your organisation.

Out-of-band safety numbers prove who's on the other end. Your administrators can sign their staff's identity keys — so a green "Verified by your firm" badge actually means something.

  • QR-code identity verification
  • Org-level attestation by your admin
  • Scoped guest access for single matters
  • Internal / external classification on every party
Identity attestation card with safety numbers, QR verification and scoped guest access

Compliance & control

Built for the firms
that get audited.

End-to-end encryption protects the conversation. The compliance toolkit protects the organisation — so your IT, legal and compliance teams can say yes.

Retention policies that match how you operate

Set an organisation-wide retention floor and ceiling — and layer department-specific overrides on top. Keep Legal's records for seven years while Engineering auto-purges at ninety days. The same controls every regulator already expects.

Legal hold, before you need it

One click freezes a user's communications from auto-deletion, indefinitely, with an immutable audit trail. Held records cannot be purged by retention rules — and the held user can keep messaging, transparently to them.

Legal-discovery exports

Build a discovery manifest scoped by custodian, date range, conversation, team or department. The export is encrypted to a key your compliance officer holds — not us — so you stay zero-knowledge while remaining lawfully accessible.

Encrypted backups with restore drills

Daily encrypted backups with an automated restore-verification drill running every night. Documented DR procedure with stated RTO and RPO. The boring stuff, actually done.

Immutable, tamper-evident audit log

Every administrator action — config change, policy update, user-management event, discovery export — appended to a chained log that surfaces tampering on inspection. Auditable from inside the product.

Single sign-on with your identity provider

Plug into the identity provider your organisation already runs. Users sign in with their existing credentials; teams and roles can be provisioned and deprovisioned automatically as people join and leave.

The compliance archive

If a regulator asks,
only you can answer.

Optional, opt-in compliance journalling. When you turn it on, the key to read the archive sits with your designated compliance officer. Never with us. Never duplicated.

Operator-key archive — the key holder is the customer's compliance officer, not the operator

Platforms

Native everywhere.

A real native app on every platform — designed to feel right at home on iOS, Android, and the web. Built once, polished for each.

iOS

Coming soon to the App Store

  • Native iPhone & iPad app
  • Lock-screen call ringing
  • Face ID / Touch ID app lock
  • Optimized for everyday use

Android

Coming soon to Google Play

  • Native Android app
  • Lock-screen call ringing
  • Fingerprint app lock
  • Optimized for phones & tablets

Web

Available now

  • Modern web app, no plugins
  • Works in every major browser
  • Offline-friendly, push-enabled
  • Same security model as mobile
Sign in to web app →
Mobile

Same envelope.
Every device.

Native iOS and native Android, with the same end-to-end protection and the same compliance toolchain as the web. Staff already know how to use it.

iOS chat with end-to-end encryption, voice notes and legal-hold awareness
iOSnative, App Store
Android chat with end-to-end encrypted document previews
Androidnative, Google Play
Mobile encrypted call with consent-first recording and picture-in-picture
Encrypted callsPiP, blur, recording with consent
Admin built for proof

Five admin lenses.
Every grant visible.

An admin portal that auditors actually like. Five production roles, every capability shown — nothing hidden, nothing behind a feature flag, nothing surprising during procurement review.

Five admin roles — Super Admin, Org Admin, Compliance, Support Admin, Security Auditor — each with their distinct scope
The permissions matrix — every capability and which role is granted it
Self-hosted by default

Lives on your premises.
Belongs to you.

Run it on your own infrastructure, behind your firewall, with your backup regime. UK-incorporated operating company, source-escrow available, perpetual licence option. Lock-in is not in the business model.

Self-hosted deployment — data, keys, devices and storage all inside the customer perimeter

Who it's for

Built for regulated organisations.
Not retrofitted for them.

Consumer messengers were never designed for SRA supervision, FCA principles, CQC oversight or any other regulator that cares how you communicate. This was.

Law firms & chambers

Client-confidential matter discussion with verifiable identity, per-matter access scoping, retention that matches your file-retention policy, and discovery export that holds up in court. SRA outcomes-focused, not feature-bloated.

FCA-regulated firms & advisers

Recorded and retained communications by department, immutable audit trail, and the option to deploy on your own UK infrastructure. The controls your compliance officer needs without the consumer-app distractions clients dislike.

Accountants & tax practices

Encrypted client correspondence, secure file exchange for sensitive documents, and clear separation between personal and professional channels. AML-friendly retention without the headache of email archiving.

Healthcare clinics

Private patient-facing communication that meets confidentiality expectations, with role-based access for clinicians, support staff and external specialists. Data stays where you put it.

Defence suppliers

Self-hosted deployment on your own perimeter, encrypted end-to-end on top, with the cryptographic posture and audit story your government customer's security reviewer is going to ask for. UK incorporation; no US data-transfer dependency.

Local-government contractors

UK / EU data residency, GDPR-aligned by design, listed on the path to G-Cloud / Digital Marketplace. Communications that scale from a single contract to a multi-site programme without changing tooling.

Charities & non-profits

Safeguarding-grade confidentiality for sensitive beneficiary conversations, trustee-deliberation records, and donor data — without handing it all to a US-hosted operator. Charity-rate pricing for registered charities.

Lettings agents & property managers

Defensible records of tenant and landlord communications, retention aligned to ARLA Propertymark / RICS / TPO expectations, and audit trails that hold up under deposit-dispute or redress review. Mobile-first so staff actually use it.

External collaboration

Bring vendors and clients in.
Not into the whole firm.

The hard part of secure messaging at a regulated firm isn't keeping outsiders out — it's letting the right ones in, narrowly. Two purpose-built lanes for it.

Single-thread guest access

Invite a client or vendor to ONE secure thread for a specific matter. They claim the invite, get a persistent encrypted identity scoped to that conversation only, and never see the rest of your directory. Revoke with one click when the engagement ends.

Limited-member access for outside collaborators

For longer engagements where one thread isn't enough — contracted experts, partner-firm staff, seconded advisers. They sign in via your identity provider, get a persistent identity, but can only see the people and teams you've explicitly listed. No accidental directory leakage to anyone external.

Security

What you can prove to a security reviewer.

The full posture lives on the Trust Center — sub-processors, threat model, DPA, security questionnaire. Below is the short version.

Your messages stay yours

Every message is encrypted on your device before it leaves and only decrypted on the recipient's device. The data that travels through our servers is opaque — not just to outsiders, but to us as well.

Forward secrecy

Each conversation continuously rotates its encryption keys. Old messages can't be recovered just because someone has a current key — a property commonly known as forward secrecy. We apply it across every conversation.

No advertising. No data mining.

We don't sell ads, we don't sell data, and our business model has nothing to do with analyzing what you say. Operational telemetry stays operational — error reports, performance metrics, nothing about message content or who you talk to.

UK-incorporated, GDPR-ready

Data protection is built in, not bolted on. As a UK-incorporated company we operate under UK GDPR with clear obligations on data minimisation, transparency, and your right to erasure. Your data is treated as yours.

Open security practices

We publish a security.txt contact for responsible disclosure, restrict our certificate authorities via CAA DNS records, enforce HTTPS everywhere with HSTS, and pin certificates in our mobile apps. The fundamentals, done right.

Built to be trusted, not believed

Privacy claims are only as good as what they actually do. We design every feature so that the security model is the same whether you trust us or not — your data stays protected by mathematics, not policy.

FAQ

Questions we actually get asked.

Is Chattriix Colab really end-to-end encrypted?

Yes. Encryption happens on your device before any message leaves it, and decryption happens on the recipient's device after it arrives. Everything in between is opaque ciphertext. This applies to text, voice notes, calls, photos, videos, and files.

Who is this designed for?

Regulated UK organisations and the teams inside them — law firms under SRA supervision, FCA-regulated advisers and fintechs, accountants, healthcare clinics, defence suppliers, local-government contractors, registered charities, lettings agents and property managers, and any SME where "good enough" privacy isn't. Not for casual consumer chat.

How does retention work for regulated industries?

Administrators set an organisation-wide minimum and maximum retention. Messages younger than the minimum cannot be "deleted for everyone" — the floor your regulator already expects. Messages older than the maximum are auto-archived and purged on a defined schedule, with legal-hold exclusions for matters under investigation. Department-level overrides let Legal keep records for seven years while Engineering auto-purges at ninety days.

Can you export a custodian's communications for legal discovery?

Yes. Administrators can build a discovery manifest scoped by custodian, date range, conversation, team or department, and download it for offline decryption with a key held by your compliance officer — not by us. We stay zero-knowledge throughout, while the export itself holds up to evidentiary scrutiny.

Does this work with our existing single sign-on?

Yes. We integrate with the identity provider your organisation already runs, and we can synchronise users, teams and roles automatically as people join, change role, or leave. Limited-member access lets you give external collaborators a persistent identity scoped only to the teams you want them to see.

Can my organisation deploy this on its own infrastructure?

Yes. Self-hosting on your own UK / EU perimeter is a first-class option and was designed for from day one. If your organisation has data-residency or sovereignty requirements, get in touch at info@chattriix.com and we'll talk through it.

What about pricing?

One-off perpetual licence — see our pricing page. From £8,000 (1-25 seats) up to £75,000+ (200+ seats), plus a 20% annual maintenance fee from year two for security patches, version upgrades and support. Tier reflects deployment shape, not feature gating — every tier ships the full feature set.

When are the iOS and Android apps available?

Coming to the App Store and Google Play. The web app at colab.chattriix.com is available today with the same security model.

How do you handle data and privacy?

We collect the minimum data needed to operate the service. You can request deletion of your account and associated data at any time. We do not sell data, do not run advertising, and do not analyse the contents of your communications.

See it for yourself.
Spin up a sandboxed demo in seconds.

30-minute interactive demo — no credit card, your sandbox auto-deletes when you're done. The web client is live for authorised users; iOS and Android apps are coming soon.