Security lead
Needs to know whether the content-access claim survives scrutiny.
- Signal Protocol: X3DH plus Double Ratchet
- No plaintext logs or server-held message keys
- Published security and threat-model documentation
Secure Business Messaging · An Attomus Product
Contained communication for serious work.
End-to-end encrypted messaging, file exchange, and governance for organisations that need the facts of communication without exposing the content.
The server routes your messages. It cannot read them. This is not a policy. It is cryptography.
0
server-held message keys
UK
Attomus-owned infrastructure
Full
audit trail, no content access
Admin sees activity, membership, and risk signals. Operators never see message content.
Signal Protocol
X3DH key agreement. Double Ratchet forward secrecy.
The same cryptographic standard used by organisations with an active interest in not being intercepted.
No keys on the server
Decryption keys live only on user devices.
The server holds ciphertext and routes it. Nothing more.
Administration without content
Administrators see who, when, and what type of event.
They never see what was said. The log was never given the content to record.
UK infrastructure only
Attomus-owned hardware in the United Kingdom.
No AWS. No Azure. No GCP. No data leaves UK jurisdiction.
How it works
Tighter handling without asking you to trust us.
Messages leave your device already sealed
Encryption happens on-device, before transmission. X3DH key agreement and Double Ratchet forward secrecy run automatically. The session key never reaches the server.
The server routes. It does not read.
Ciphertext arrives. Ciphertext leaves. No decryption key, no plaintext, and no device-side material reach any Attomus-operated system. There is no configuration option to change this.
Administration without surveillance
Administrators see activity. They cannot see content. Who sent to whom, when, file transfers, group changes — all logged. Message content is absent because it was never available.
Made by Attomus
The firm trusted by government, defence, and regulated enterprise.
Home Office
Ministry of Defence
Boeing
Johnson & Johnson
BAE Systems
Attomus is brought in when the work is sensitive, the standards are high, and outcomes need to stand up under scrutiny.
SemaFore is what Attomus built for its own communications handling. The same discipline that goes into client engagements is what makes the server plaintext-blind by design.
JOSCAR Registered
Pre-qualified for defence, aerospace, and security procurement.
Armed Forces Covenant
Signatory. Attomus operates with the conduct that sensitive environments require.
Berkeley Square
23 Berkeley Square, Mayfair, London W1J 6HE
Registered in England & Wales. No. 06517654
Data Sovereignty
Your communications stay
on UK-controlled infrastructure.
No AWS.
No Azure.
No GCP.
All SemaFore server infrastructure runs on Attomus-owned hardware within the United Kingdom, behind Attomus's own network boundary. No hyperscale cloud provider sits in the processing or storage path.
For organisations subject to UK GDPR, public sector procurement constraints, or contractual data residency requirements, this is not a configuration option — it is how the infrastructure is built.
ICO Registered · UK GDPR Compliant · Data stays in UK jurisdiction
For Organisations
Built for work that carries real risk.
Encrypted on the device. Decrypted only on the device.
Private and group threads. Every message is sealed before it is sent. Keys stay with user devices. The server sees ciphertext.
Files encrypted before upload. Storage stays blind.
File exchange follows the same handling model as messages. The server stores and forwards encrypted material, not readable content.
Full administration. Zero content access.
User management, group governance, invitations, retention settings, and platform administration without giving operators message content.
Full audit trail. No content.
Every platform event records who, when, and what type. Message content is not in the log because the server never had it.
Who it is for
Give each reviewer a clear path to yes.
A secure messaging decision rarely belongs to one person. SemaFore needs to answer the security lead, the compliance owner, and the operations team without making any of them sit through the wrong product tour.
Compliance owner
Needs governance without creating a surveillance archive.
- Retention policy controls
- SIEM-ready audit export
- UK infrastructure and metadata-only operations
Operations team
Needs people to actually use it once security says yes.
- iOS and Android messaging clients
- Groups, receipts, files, and push wake-up
- Invite and onboarding flows for new members
Pricing
Same encryption model. Different rollout terms.
Free
Up to 5 approved members. No time limit during early access.
Professional
£9 per user per month. Built for normal organisational rollout.
Enterprise / Gov
Negotiated. On-premise and device-attestation options available.
Every tier includes the same encryption model and the same apps. The differences are seats, retention, and support terms.
Free tier — early access notice: The free tier is available as part of our early-access launch. If availability changes, organisations on the free tier will receive at least 90 days' written notice and can move to a paid plan at the standard rate.
Government and defence: Device attestation and on-premise deployment options are available for government, defence, and classified-adjacent organisations. These options are negotiated separately and are not on the standard rate card. Speak to us to discuss requirements and timelines.
Get a briefing
A technical sales conversation,
not a product tour.
Twenty minutes should be enough to decide whether SemaFore deserves deeper review: architecture, governance, deployment, pricing, and the risks it does not try to hide. If it is not the right fit, we will say so.
MESSAGE SENT — WE WILL RESPOND SHORTLY.