SemaFore

What it is

SemaFore is a secure messaging platform for organisations that need their internal communications infrastructure to be genuinely private - administered by the organisation, encrypted on device, and inaccessible to anyone outside it.

It is intended for professional environments where communications sensitivity is a legal or competitive matter: government agencies, public sector bodies, M&A advisory, private equity, legal practice, and executive teams handling information that should not sit on platforms with conflicting commercial interests.

How it is different

Most enterprise messaging sits on infrastructure run by companies with a commercial interest in the data that passes through it. SemaFore does not.

Messages are encrypted on the sender’s device before transmission, using the Signal Protocol - X3DH key agreement and Double Ratchet forward secrecy. SemaFore’s servers store and relay ciphertext only. Encryption keys are generated on each user’s device and are never transmitted to our infrastructure. There is no technical mechanism for us to read message content.

This is an architectural property, not a policy one. It does not depend on promises; it depends on mathematics.

Who administers it

Each deployment is owned by an organisation. A designated administrator - typically an IT manager or a senior operations person - controls who has access, approves new devices, and manages the organisation’s configuration through a web-based administration portal.

Administrators have full visibility of who is in the organisation and full control over access. They cannot read message content. The seperatioin is deliberate: the person responsible for running the platform should not be in a position to compromise its confidentiality.

The audit trail

Every administrative action is recorded in an append-only audit log: who was added, who was removed, when access was granted or revoked, and when an administrator session began. The log cannot be altered retrospectively.

Authentication events - successful and failed login attempts - are also recorded, with timestamps and originating IP addresses.

Deployment

SemaFore is available as a managed service, hosted on Attomus-operated UK infrastructure. No third-party cloud provider processes or stores your organisation’s data. Private deployment - within your own infrastructure - is available for organisations with specific data residency or bespoke encryption needs requirements, including public sector and government use cases.

Getting started

Organisations can create their account and be running in minutes at semafore.io. For a short period the free tier supports up to five members immediately with no payment required.

Larger deployments and enterprise requirements are handled differently. If your organisation has complex data residency, air-gap, or compliance requirements, speak to us directly before onboarding.

The Attomus connection

SemaFore is an Attomus product. It is built on the same principles that govern everything Attomus makes: no advertising, no data monetisation, UK jurisdiction, and products designed so that the provider’s access to your information is minimised by architecture rather than promised by contract.

Further information

The SemaFore website contains the full technical documentation, security architecture, pricing, and deployment information.

Private communications for organisations that need tighter control

Built for communication that should stay contained

See the full technical picture

How SemaFore is structured