Frequently Asked Questions


When a message is sent, it routes via our servers to the recipient. If the recipient is not online at the time you sent the message, the message will wait on our servers until they do. During that time we cannot read the message - it was encrypted by the sending device and we only have the encrypted version. Once the recipient comes online and we deliver your message to their handset - a small grey dot is shown on your screen next to that message. This will turn into a green dot once they have read your message

Semafore is a messaging tool that is designed for organisations, not private individuals. As such the visibility of whether a message is reported as seen or not is set by the organisation.

Note that this is the issuing of read receipts, regardless of organisation. If User A1 is in Organisation A and A has determined that user A1 will not issue read receipts, User B2 in Organisation B that does permit read receipts to be issued, will not be able to tell if User A1 has read or not read B2's' message. Meanwhile if A1 sends a message to B2, A1 will be able to tell if B2 has read it.

When Semafore is first opened, or opened after a period of being in the background, it connects to our server and conducts a 'cryptographic-handshake' to report that it is now online and able to receive / send messages. This opening up of a crypto tunnel takes a little while - cryptography (encryption) is mathematically challenging and hence the 'delay' whilst it completes.

  1. end-to-end encryption
  2. cannot be read on our servers
  3. due to the advanced cryptography used we need to ensure no bad actors - hence only sold to organisations that have a footprint (ie listed in a government published corporate register)
  4. all code libraries are either developed by ourselves or sit under our control - no ability for a bad actor to conduct a supply chain attack and introduce malicious code into an inherited library

At initial install, a non-registered user can only communicate with two others. This limits the use of Semafore by bad actors until Attomus has verified the buying entity.
Also See 'Why don't you sell via the AppStore or Google Play

The security architecture and encryption that Semafore uses means that we are not permitted to allow non-approved entities to make use of our technology.

As a result, we can only offer Semafore to organisations that can be publicly verified as part of the buying process - they must exist on a corporate register, and key details will be independently verified before a full licence can be issued.

For government agencies, please contact 'semafore' 'at' 'attomus.com' or raise a ticket at attomus.com


For monthly spend in excess of £1,000 / $1,000 - of course. Please email 'billing' 'at' 'attomus.com'

The dashboard allows an organisation to look across their user population and provides security monitoring, key metrics and security tools to help the CISO understand their security posture within Semafore.

From the Dashboard you can see how many messages are being sent from which devices (obviously you can't read them or tell who they are being sent to), remote delete the application from a user's device if it's been compromised or stolen, and manage your users and whether users may invite others.

This is managed within the Dashboard

Attomus is an independent cybersecurity and advanced technology company that provides tools and services to the UK government, NATO and other agencies.
A bunch of nerds who love tech and have lived our entire lives in the cyber and advanced security space, we wanted to use our skills and knowledge to build a product that could be used by a wider audience than the very exclusive rarefied clients that we normally work with.

  • Semafore is designed to do one thing well - offer a highly secure communication tool. We don't own a social media company, we don't aggregate vast data, we don't have any conflicts of interest. We only do cybersecurity.
  • Enterprise First. Built from the ground up for Enterprises and Government Agencies, not private individuals
  • Not built by some huge company - no more adverts appearing on social feeds relating to the 'private' chat you just had
  • Controlled access - CISO can determine if users can forward invites to others, for example journalists allowing confidential sources to use Semafore, or if all communication should remain in-house
  • Remote wipe - dashboard allows a CISO to remotely wipe a device if it has been physically compromised (e.g. stolen)
  • Built by UK cyber experts, so fully subscribes to GDPR and European Privacy Laws - no US Homeland issues