Message encryption
OMEMO sessions protect supported one-to-one and group conversations across registered devices. Server administration does not automatically provide message plaintext.
SecurePhone separates message encryption, device authority, customer administration, infrastructure ownership, and commercial licensing so each control has a clear purpose and a visible limit.
Encrypted conversations, managed endpoints, server operations, customer lifecycle, and licensing are related systems—but they grant different authority.
OMEMO sessions protect supported one-to-one and group conversations across registered devices. Server administration does not automatically provide message plaintext.
Android Device Owner enrollment can apply system-wide policy and remote actions. Ordinary application installs do not receive that authority.
The customer or chosen operator controls the appliance hosts, network boundary, storage, backups, DNS, and provider accounts.
Commerce Hub controls accounts, subscriptions, resellers, balances, service status, modules, and lifecycle operations—not endpoint encryption keys.
Signed entitlements define approved modules and active-user allowances. License expiry does not erase customer data or encryption keys.
SecurePhone product pages distinguish immediate server revocation, endpoint commands that require connectivity, chat-data wipe, and whole-device reset.
Disable credentials and future service access from the control plane without claiming that an offline phone has already erased local data.
ExploreSupported app-level erase paths target Global Chat credentials and local application data, not every file on an unmanaged phone.
ExploreWhole-device reset requires properly enrolled Android Device Owner authority, whether triggered remotely or through Panic Wipe.
ExploreSigned offline licensing grace and customer-run infrastructure keep temporary loss of the SecurePhone licensing service distinct from loss of the appliance itself.
ExploreSecure deployment also depends on enrollment, administrator access, DNS, backups, monitoring, incident procedures, and replacement-device recovery.
Separate Core, Realtime, and Mail when isolation or scale requires it.
ExploreProvision supported hosts, public addressing, DNS, external backups, and only the ports each profile needs.
ExplorePlan enrollment, policy assignment, loss response, wipe scope, replacement, and reactivation before issuing phones.
ExploreDefine users, devices, data, administrators, providers, failure modes, and recovery expectations before selecting modules and infrastructure.
Open the configurator