SecSoft is a private communication platform built for principals, institutions, and organisations for whom a breach is not an inconvenience — it is an existential event. Not available to the general public.
Key exchange combines classical X25519 elliptic-curve with ML-KEM-1024 (FIPS 203) — NIST Security Category 5, the level CNSA 2.0 mandates for national security systems. An adversary must break both the elliptic-curve and the module-lattice problem to recover a key. This hybrid design is the same conservative approach adopted by Signal, Google, and Cloudflare.
X25519 + ML-KEM-1024 · FIPS 203Messages are signed with ML-DSA-87 (FIPS 204, Security Level 5), with SLH-DSA-SHA2-256s (FIPS 205) available as an independent hash-based alternative. The two schemes rest on unrelated mathematics — module lattices and hash functions — so a future break in one does not compromise the other. Both parameter sets are exactly those mandated by CNSA 2.0.
ML-DSA-87 · FIPS 204 · SLH-DSA · FIPS 205A continuously ratcheting key schedule derives a fresh key for every message and re-injects post-quantum key material as the conversation proceeds. A device compromised today cannot decrypt yesterday's messages, and a key recorded today cannot decrypt tomorrow's. This extends the Signal-style Double Ratchet into the post-quantum domain.
Ratcheting Keys · Forward & Post-Compromise SecrecySecSoft possesses no technical capability to access your communications. Decryption keys exist only on your devices. We cannot comply with demands to produce message content — not because of policy, but because the key material does not exist on our infrastructure. This is not a promise. It is an architectural fact.
Zero Access by DesignFor family offices, law firms, and institutions requiring integration into existing workflows — SecSoft provides a dedicated REST and WebSocket API with dedicated engineering support. Deployable within your own infrastructure perimeter on request.
Dedicated API · Private DeploymentArchitected to meet the requirements of FIPS 140-3, SOC 2 Type II, GDPR, and HIPAA, with formal certification pursued on our published roadmap. Complete audit trails, immutable logs, and Swiss data residency for regulated industries. Suitable for legal privilege communications, M&A negotiations, board-level correspondence, and cross-border sovereign transactions.
Compliance-Ready Architecture · Swiss ResidencyOn first launch, your device generates both an X25519 elliptic-curve key pair and an ML-KEM-1024 key pair locally. The public keys are registered with SecSoft; the corresponding private keys never leave your device.
To open a conversation, two shared secrets are established — one via X25519 and one via ML-KEM-1024 (FIPS 203) — and combined through a key-derivation function. An adversary would have to break both the elliptic-curve and the module-lattice problem to recover the result. The classical half protects against implementation flaws in the newer algorithm; the post-quantum half protects against future quantum computers.
The combined secret seeds an AES-256-GCM message key. Content is encrypted on your device before transmission. AES-256 is already quantum-resistant — Grover's algorithm reduces its effective strength only to a 128-bit security level, which remains computationally infeasible to brute-force.
Each message is authenticated with an ML-DSA-87 (FIPS 204) signature; SLH-DSA-SHA2-256s (FIPS 205) is available as a hash-based alternative resting on entirely different mathematics. The recipient verifies the signature before the message is accepted, guaranteeing both sender identity and integrity.
State-level intelligence services are recording your encrypted communications today, at scale, to decrypt the moment quantum computers become viable. If your current communications platform uses RSA or ECC, your correspondence, deal flow, and private decisions are already in a foreign archive. SecSoft's post-quantum algorithms make that archive permanently worthless.
SecSoft operates exclusively under Swiss incorporation with no US or EU parent entity. The US CLOUD Act cannot compel disclosure. No Five Eyes agreement applies. Article 271 of the Swiss Criminal Code makes it a criminal offence for any Swiss company to comply with foreign surveillance requests outside formal treaty channels. Your data has no legal route to a foreign government without your knowledge and Switzerland's courts.
Nation-state adversaries do not always attack over the network. Our implementations use constant-time arithmetic and masked operations to resist timing attacks, power analysis, and electromagnetic emanation — the methods used against high-value targets when network penetration fails.
Private key material can be stored in FIPS 140-3 Level 3 certified Hardware Security Modules — Thales, Entrust, or your own air-gapped HSM infrastructure. Keys bound to hardware cannot be extracted by software, malware, or remote intrusion. Available as a managed service or within your own data centre.
Key material is never concentrated. Threshold cryptography distributes it across geographically isolated nodes — no single server, no single jurisdiction, no single point an adversary can seize or compel. An attack on any individual node yields nothing of value.
SecSoft integrates natively with YubiKey 5 Series hardware tokens for phishing-resistant FIDO2 and PIV authentication. Private keys can be stored directly on the YubiKey's secure element — never exposed to software or the operating system, even during signing operations.
For principals managing significant wealth, sensitive legal matters, or national interests, the jurisdiction of your communications infrastructure is not a technical footnote — it is a strategic decision. Switzerland offers the only combination of constitutional privacy rights, centuries of political neutrality, and statutory criminal protection against foreign surveillance that no EU or US jurisdiction can replicate.
Privacy is a constitutional right in Switzerland under Art. 13 of the Federal Constitution — not a regulatory policy subject to political reversal. The revised Federal Act on Data Protection (FADP, in force September 2023) enshrines Privacy by Design and Privacy by Default at the legislative level, meaning every service must be built with the strictest privacy settings active from day one.
The US CLOUD Act (2018) allows US authorities to compel American technology companies to hand over customer data stored anywhere in the world — including servers in Switzerland or the EU — without notifying the data subject. SecSoft operates exclusively under Swiss legal entities with no US parent company, making CLOUD Act demands legally inapplicable. Swiss regulators in Zurich have formally ruled that public bodies act unconstitutionally when they entrust data to US-controlled infrastructure, even if servers are physically located in Switzerland.
Article 271 of the Swiss Criminal Code explicitly forbids any Swiss company from complying with foreign law enforcement requests outside of formal mutual legal assistance treaties (MLATs). Assisting a foreign government in accessing Swiss-hosted data outside of this process is a criminal offence in Switzerland. All surveillance requests must go through Swiss courts — warrantless access, national security letters, and bulk collection programs of the kind permitted in the US are illegal under Swiss law.
Switzerland's political neutrality — codified since the Treaty of Paris in 1815 — means it is not party to any intelligence-sharing alliances such as Five Eyes, Nine Eyes, or Fourteen Eyes. There are no bilateral surveillance agreements with the US, EU, or any other power that could obligate Swiss authorities to assist in foreign data collection. Your data exists in a geopolitical safe harbour, insulated from the pressures that affect hosting in NATO member states or EU jurisdictions subject to evolving transatlantic data-transfer frameworks.
Switzerland has a single federal data protection authority — the Federal Data Protection and Information Commissioner (FDPIC) — with one consistent interpretation of the FADP. Unlike the EU's patchwork of 27 national Data Protection Authorities issuing divergent guidance, Swiss law is stable and predictable. FADP adequacy is independently recognized by the EU, enabling uninterrupted cross-border data flows. For global enterprises, this means one compliance framework, one regulatory relationship, and no exposure to conflicting national DPA rulings.
Unlike the GDPR — which imposes fines up to 4% of global annual revenue on corporations — the FADP holds the responsible individual directly liable, with personal fines of up to CHF 250,000. This creates a powerful incentive structure where data protection is a personal legal obligation for every decision-maker, not an accounting line item to be managed. SecSoft's leadership is personally committed to Swiss compliance, not merely corporately incentivised.
When you engage SecSoft, your communications are encrypted with quantum-safe algorithms that no foreseeable computer can break, authenticated with YubiKey hardware that cannot be replicated remotely, stored under a constitutional right to privacy that no foreign government can override, and governed by a single independent federal authority with criminal-law teeth. This is not a product available to the general market. It is the infrastructure choice of those for whom these distinctions are not theoretical.
For financial institutions, law firms, family offices, and sovereign entities that require quantum-safe communications infrastructure presented entirely under their own brand. SecSoft provides the cryptographic foundation. Your name, your domain, your governance — complete discretion guaranteed under NDA.
Strong cryptography is the foundation, not the finish line. Sophisticated adversaries rarely break the mathematics — they attack the metadata around it, the device that holds the keys, and the person compelled to unlock it. Our engineering roadmap closes those gaps. Items marked Live are deployed today; those marked In Development are on our published roadmap.
We retain no social graph, contact list, or message logs. Sender identity is concealed from our own servers using sealed-sender techniques, so we cannot see who is messaging whom. Note: like all such systems, this reduces — but cannot wholly eliminate — network-level traffic analysis, which is why it is paired with the measures below.
Constant-rate cover traffic and message padding so that an observer watching the network cannot infer when — or whether — you are actually communicating. Optional routing through a mix network to dissociate your IP address from your identity.
Keys sealed inside the device Secure Enclave / TEE, never present in general memory. Remote attestation lets the service refuse to communicate with a jailbroken, rooted, or tampered device — closing the most common real-world attack path. To be meaningful, attestation is paired with reproducible builds (below).
A duress passphrase that opens a convincing decoy workspace while cryptographically destroying access to the real one — protection for the moment a principal is physically compelled to unlock a device. Combined with cryptographic erasure, where destroying a key renders data permanently unreadable rather than merely "deleted."
For the most sensitive material, no single person or seized device can unlock data alone. Threshold cryptography requires a configurable quorum — for example three of five trustees — distributed across people and jurisdictions, eliminating any single point of compromise or compulsion.
For clients who cannot afford to take our word for it: reproducible builds, so anyone can confirm the published app is built from the audited source; independent third-party cryptographic audits; key transparency to detect any attempted server-side key substitution; and formal, machine-checked verification of the core protocol — the standard set by Signal's PQXDH proof.
SecSoft is not a mass-market product. Onboarding is conducted by application, with each client reviewed individually. If your security requirements are commensurate with the standard we maintain, we will respond within 48 hours.