Chattriix Colab
1 / 19 Try the demo →
Chattriix Colab

Secure communications
for regulated UK organisations.

End-to-end encrypted messaging, calls and meetings — with the retention, legal hold and discovery controls a regulated firm actually needs.

🔒  demo.chattriix.com  ·  30-minute sandbox
Pitch deck · 2026 info@chattriix.com · colab.chattriix.com
The problem

Regulated firms are running
compliance through consumer apps.

The market gap

Two bad options.
Until now.

Category A

Consumer messengers

  • ✓ End-to-end encrypted
  • ✗ Compliance-ready

Generally strong on privacy. Typically not built around admin retention, legal hold, scoped discovery, or organisation-wide audit controls.

Category B

Mainstream enterprise messengers

  • ✗ End-to-end encrypted
  • ✓ Compliance-ready

Compliance feature sets exist, but conversations are generally readable by the operator and subject to the operator's home-jurisdiction legal process.

What Chattriix Colab is

One platform.
End-to-end encrypted by default.

Built around the compliance controls regulators actually require — retention, legal hold, discovery, audit, single sign-on — without breaking the privacy guarantee. Designed for the firms that get audited.

Encrypted before it leaves your device

Message content is encrypted on the sending device and decrypted only on the receiving device. The payload we route is opaque ciphertext.

Compliance controls built in

Retention floors and ceilings, legal hold, scoped discovery export, tamper-evident administrator audit log — designed to support regulated-firm obligations.

UK-incorporated, UK / EU residency

A UK-incorporated company, with primary infrastructure in the UK / EU region. Self-hosting available where required.

No advertising. No data mining.

No advertising business. No data mining of message content. No training third-party models on what you say. Revenue comes from licence fees.

Who it's for

Built for regulated organisations.
Not retrofitted for them.

⚖️

Law firms & chambers

SRA outcomes-focused.

💼

FCA-regulated advisers

Retained comms, audit trail.

🧾

Accountants & tax

AML-friendly retention.

🏥

Healthcare clinics

Patient-confidential by design.

🛡️

Defence suppliers

Sovereign deployment ready.

🏛️

Local-gov contractors

UK / EU residency, GDPR-aligned.

🤝

Charities & non-profits

Safeguarding-grade retention.

🔑

Lettings agents

Defensible tenant records.

How it works

Encrypted on your device.
Decrypted on theirs.

1
🔐

Your device encrypts

Every message, call, photo and file is encrypted on your device before it leaves it.

2
☁️

We deliver ciphertext

Our servers route what you sent to where it needs to go. We can't read what we're carrying.

3
🔓

Their device decrypts

The recipient's device decrypts the payload locally. Plaintext exists only on the endpoints.

"The message content stays on the endpoints. We carry ciphertext." Designed without backdoors, key escrow, or operator-held master keys.
Private by construction

Plaintext on devices. Sealed everywhere else.

End-to-end encryption journey from sender to recipient

Conversations are readable on your device and the recipient's. Not in transit. Not at rest. Not by us.

Capabilities

Everything a regulated team needs.

🔐

End-to-end encryption

Messages, calls, voice notes, photos, videos, files — all encrypted on-device.

📞

Voice, video & group meetings

Mesh group calls, screen-share, network-quality indicators, hand-raise, reactions.

👥

Group chats, done properly

Mentions, replies, edits, reactions, forwarding with attribution, pinned messages.

🔄

Multi-device sync

Phone, tablet, laptop — each device has its own keys. Add or remove without compromise.

🔍

Private search

Cross-thread and within-conversation. The index lives on your device, not on our servers.

🪪

Verified identity

Out-of-band safety numbers. Optional org-admin attestation for "verified by your organisation".

📁

Media & call recording

Encrypted media. Two-side recording consent. Password-protected, expiring share links.

🔒

App lock + biometrics

Face ID, Touch ID, fingerprint — separate from your device unlock.

Group chat in motion

The kind of chat your team won't bypass.

Group conversation with @mentions, reactions, retention policy and legal hold

@mentions, threaded replies, reactions, pinned messages — under one E2E envelope, with retention and legal-hold built in.

Compliance toolkit

Built for the firms that get audited.

Retention policies

Org-wide floor and ceiling. Department-specific overrides. Keep Legal's records for seven years while Engineering auto-purges at ninety days.

Legal hold

One click freezes a user's communications from auto-deletion, indefinitely, with an immutable audit trail. Held users keep messaging — transparently.

Discovery export

Scoped by custodian, date, conversation, team or department. Encrypted to a key your compliance officer holds — not us. We stay zero-knowledge.

Tamper-evident audit log

Every administrator action — config change, policy update, legal hold, discovery export — appended to a chained log that surfaces tampering on inspection.

Encrypted backups

Daily encrypted backups with nightly restore-verification drill. Documented DR procedure with stated RTO and RPO. The boring stuff, actually done.

Single sign-on

Plug into the identity provider your organisation already runs. Automated provisioning and de-provisioning as people join and leave.

The compliance archive

If a regulator asks, only you can answer.

Operator-key compliance archive — customer's compliance officer holds the key, not the operator

Opt-in journalling. The key to read the archive sits with your compliance officer. We literally cannot.

External collaboration

Bring vendors and clients in.
Not into the whole firm.

Narrow

Single-thread guest access

Invite a client or vendor to ONE secure thread for a specific matter.

  • They claim the invite via a one-use link
  • They get a persistent encrypted identity — scoped to that conversation only
  • They never see your directory, other clients, or other matters
  • Revoke with one click when the engagement ends
Persistent

Limited-member access

For longer engagements where one thread isn't enough — contracted experts, partner-firm staff, seconded advisers.

  • Sign in via your identity provider
  • Persistent identity, but only see people and teams you explicitly list
  • No accidental directory leakage to outside collaborators
  • Deprovision automatically when SSO revokes them
Verified by your organisation

Trust, with proof — for staff and guests alike.

Identity attestation card with safety numbers, QR verification and scoped guest access

Safety numbers verify identity out-of-band. Org admins sign their staff's keys — so a green "Verified" badge actually means something.

The trust posture

What you can prove
to a security reviewer.

Your messages stay yours

Encrypted on your device before it leaves; decrypted only on the recipient's device. Opaque to us in between.

Forward secrecy

Each conversation continuously rotates its encryption keys. Compromise of a current key does not expose past communications.

No advertising, no data mining

Our revenue is licence fees. We do not analyse, train on, or sell what you say.

UK-incorporated, GDPR-ready

Operating under UK GDPR with clear obligations on data minimisation, transparency, and your right to erasure.

Open security practices

Published responsible-disclosure contact. Certificate-authority restrictions in DNS. HTTPS-everywhere with strict transport security.

Built to be trusted, not believed

The security model is the same whether you trust us or not. Your data stays protected by mathematics, not by policy.

Why now

Five forces converging
on regulated UK firms.

Deployment

Self-hosted, by design.
Your perimeter, your control.

🏢

Standard self-hosted

Default

Runs on your own UK / EU perimeter. You hold the operational keys. Single VM for smaller teams, HA cluster for larger ones — both supported as first-class deployments.

🛠️

Managed self-hosted

Optional

You own the licence; we operate the instance on your cloud account. Useful if your team wants the trust posture without the ops overhead. Charged separately as a service.

🇬🇧

Sovereign / bespoke

On request

UK-only managed deployment for sovereignty-sensitive customers. Government framework deployments handled as a bespoke engagement with separate commercial terms.

Self-hosted by default

Lives on your premises. Belongs to you.

Self-hosted deployment — your data, your keys, your infrastructure inside the customer perimeter

UK-incorporated operator. Source-escrow available. Perpetual licence option. Lock-in is not in the business model.

How we sell

One-off perpetual licence.
You own it. Forever.

🔐

You own the software

Perpetual licence. No subscription. No annual renewal pressure. After the first 12 months you choose whether to take updates.

🏛️

Your data never leaves your perimeter

Runs entirely on infrastructure you control. We have no operational access to your messages, calls, files or metadata — by design, not by promise.

📊

Budget without surprises

Fixed cost on signature. Predictable annual maintenance fee for security patches, version upgrades and support. No per-seat creep, no usage spikes.

🚪

No vendor lock-in

Source-escrow option available. If we disappear, you keep running it. Your audit trail, retention policies, and discovery exports all stay with you.

The tradeoff: you provide the infrastructure and your IT looks after it. We support it; you don't depend on us to keep the lights on.

Pricing tiers

Pay once. Maintain annually.
Tier = capacity, not feature gating.

Starter1–25 seats
£8,000
one-off licence
Maintenance£1,600 / yr from Y2
  • Single-VM deployment
  • Install + SSO config
  • Admin training (½ day)
  • Updates + email support (Y1)
  • 20% annual maintenance
Business76–200 seats
£40,000
one-off licence
Maintenance£8,000 / yr from Y2
  • HA cluster deployment
  • Everything in Growth
  • Custom branding included
  • Priority response SLA
  • 20% annual maintenance
Enterprise200+ seats
From £75k
one-off licence
MaintenanceCustom
  • Multi-region architecture
  • Bespoke install + DR runbook
  • Source escrow available
  • Dedicated account contact
  • Custom commercial terms

All tiers ship the full feature set — encryption, calls, recordings, retention, legal hold, eDiscovery, attestation. The tier reflects your headcount and the deployment shape it needs.

Reference deployments

What your IT will provision.
Known specs, not surprises.

TierShapeComputeStorageIndicative cost
Starter1 VM4 vCPU · 16 GB RAM500 GB SSD~£60–100 / month cloud
or £3–5k server
Growth2 VMs (app + DB)8 vCPU · 32 GB · app
4 vCPU · 16 GB · DB
500 GB SSD on DB~£200–400 / mo cloud
Business4–5 VMs (HA cluster)2× 16 vCPU · 32 GB app
Postgres HA pair (Patroni)
Dedicated TURN
1 TB SSD + S3 object~£800–1,500 / mo cloud
EnterpriseMulti-region clusterCustom architecture
Reviewed with your IT
Tiered storage + CDN£3,000+ / mo cloud

Sizing assumes ~20% concurrent active during peak, 1–3 devices per user, 10–15% in calls at peak, 1-year horizon. Your IT can request a custom sizing review.

What's included

Every tier ships the full feature set.
Bolt-ons priced separately.

Included in every tier

Full feature set

  • End-to-end encrypted messaging, calls, files (web · iOS · Android)
  • Group chats with reactions, replies, edits, mentions
  • 1:1 and group calls with consent-gated recording
  • Multi-device sync, presence, status
  • Admin portal — users, devices, sessions, policies
  • Compliance toolkit — retention, legal hold, eDiscovery export
  • Operator-key archive (your compliance officer holds the key)
  • Identity attestation (Signal-style verified-by-organisation)
  • Tamper-evident audit log with on-demand integrity verifier
  • SSO / SAML / SCIM / IAM (departments, locations, teams, tags)
  • External guest access with deep-link claim flow
Optional bolt-ons

Buy what you need

  • Professional services / deployment£2,000
  • Custom branding (logos, colours, domain)£1,500
  • SSO / SAML configuration assistance£750
  • Admin training (per day)£500
  • Source-code escrow with third-party agent£2,000 / yr
  • Managed self-hosted (on your cloud)£400 / mo
  • Extended support hours (UK biz → 24/7)£2,400 / yr
  • Custom integration (CRM, ERP, case-mgmt)Quoted
Roadmap

Honest about where we are.
Clear about where we're going.

Today

Web client live

End-to-end encrypted messaging, calls, meetings, group chats, compliance toolkit, admin portal, SSO, discovery export, self-hosting. UK-incorporated and operational.

Next 90 days

iOS and Android native apps

Submitted to App Store and Google Play. Same security model as web. Push, biometric app lock, lock-screen ringing.

Next 6–12 months

ISO 27001 certification

External audit underway. Information security management system documented and operated. Publishable to procurement reviewers on completion.

Next 18–24 months

G-Cloud listing and SOC 2

On the path to G-Cloud / Digital Marketplace. SOC 2 Type I for US-buyer-ready customers. Sovereign-cloud bespoke deployments for defence/government supply chain.

Try it

See it for yourself.
30-minute sandbox.

demo.chattriix.com →

No credit card. Auto-deleted when you leave. Walks through end-to-end encryption, retention policies, legal hold, discovery export, and the admin portal — with real seeded data.

info@chattriix.com · colab.chattriix.com · Security & DPA on request

Chattriix Colab

Communication a regulator
can audit.

Thank you.

info@chattriix.com · demo.chattriix.com · colab.chattriix.com