HyveHeim Apps

Two apps. One mission. Secure communications for people who operate in the real world — whether that means encrypted messaging in a conflict zone or private email that stays private.

phone_android Android In Development
phone_iphone iOS In Development
terminal Linux In Development
desktop_windows Windows In Development
desktop_mac macOS In Development

What Both Apps Share

The same security foundation runs through everything we build. These aren't features bolted on — they're the architecture.

lock

End-to-End Encryption

All data is encrypted on your device before it leaves. The server only ever sees ciphertext. Even with full server access, your content cannot be read.

enhanced_encryption

Post-Quantum Hybrid

Key exchanges use ML-KEM-768 + X25519. Messages sent today remain safe even when quantum computers break today's encryption.

cloud_off

Zero-Knowledge Server

Our servers never hold a decryption key. Encrypted payloads pass through as opaque blobs. We can't read your data — by design.

delete_forever

No Server Logs

No IP addresses, no timestamps, no user agents, no access records. Abuse protection uses hashed, ephemeral counters that expire automatically.

block

No Trackers

No Google Analytics. No Facebook Pixel. No ad network. No crash-reporting SDK. No telemetry. No beacons. No exceptions.

manage_accounts

Minimal Accounts

A handle and a hashed password. No email address or phone number required. Permanently deletable at any time.

key

Multi-Server Key Consensus

Encryption keys are published across multiple independent servers in different jurisdictions. No single server compromise can forge your identity.

contrast

Light & Dark Themes

Automatic system detection with manual override. Both apps respect your preference.

What Makes Each App Unique

Encrypted Messenger

HH Chat

  • Sealed sender — server never knows who sent a message
  • Disappearing messages — server + client enforced timers
  • Encrypted voice & video calls — SRTP, no third-party service
  • Panic button — encrypted emergency alert with location
  • Distress beacon — reporter-directed evidence package
  • Mesh networking — Bluetooth P2P when internet is down
  • Phantom Protocol — full metadata protection suite
  • Security profiles — Everyday to Maximum, per-setting control
  • Trust zones — compartmentalised contacts (Trusted vs Social)
  • Duress PIN — instant data wipe under coercion
  • Screen security — OS-level screenshot/recording block
  • Chaff traffic — decoy messages hide real activity
  • Dead drop channels — rotating cryptographic addresses
  • Deniable messages — shared-secret auth, no proof of authorship
  • Ring signatures — anonymous group membership verification
  • Blockchain DAG — serverless membership verification
  • Country OSINT feed — real-time intelligence from 220 countries
  • Community reports — anonymous user-submitted intelligence
  • Proximity alerts — notifications for nearby events
  • Keyboard safety — detects unsafe keyboards, built-in secure input
Secure Email

HH Mail

  • Sealed email encryption — SPQR Triple Ratchet for HH-to-HH email
  • Any provider — Outlook, Gmail, Yahoo, iCloud, GMX, Yandex, Mail.ru, Zoho, ProtonMail
  • Security scanner — SPF/DKIM/DMARC, phishing, impersonation, malware detection
  • Smart inbox — 4-tab AI categorisation (Focused, Other, News, Alerts)
  • Privacy hardening — remote images blocked, tracking pixels stripped
  • Calendar sync — via provider APIs, stored locally
  • Contacts — auto-collection from headers, smart suggestions
  • Attachments — send, receive, drag-and-drop, on-demand download
  • Rich text compose — formatting toolbar (bold, italic, fonts, lists, links)
  • Full mailbox sync — paginated, incremental, all folders, all providers
  • IMAP + Graph API — dual protocol for maximum compatibility
  • OAuth2 — single sign-in, no password storage for supported providers

Military-Grade Encryption

Both apps meet or exceed the cryptographic standards required by NIST and NSA Suite B — the same baseline used to protect classified government communications.

Component Standard Used In What It Does
Symmetric Encryption AES-256-GCM Chat + Mail 256-bit encryption with built-in tamper detection.
Key Exchange X25519 ECDH Chat + Mail Constant-time key agreement immune to timing attacks.
Post-Quantum ML-KEM-768 Chat + Mail Hybrid classical + post-quantum. Future-proof against quantum decryption.
DM Forward Secrecy X3DH + Double Ratchet Chat Per-message key ratcheting for 1:1 conversations. Every message has a unique key.
Group Forward Secrecy MLS TreeKEM (RFC 9420) Chat Group keys rotate on every member change. Leaked keys heal automatically.
Sealed Email SPQR Triple Ratchet Mail Post-quantum triple ratcheting for email with multi-server key consensus.
Key Derivation HKDF-SHA256 Chat + Mail Cryptographic domain separation between key uses.
Zero-Knowledge Server Relay-Only Chat + Mail Servers never hold decryption keys. Encrypted blobs only.
HH Chat Exclusive

The Phantom Protocol

Most encrypted messengers protect what you say. The Phantom Protocol protects that you said it, when you said it, and who you said it to.

mystery Phantom Sender

Sender identity is encrypted inside the message payload. Two messages from the same person are indistinguishable to the server.

schedule Temporal Smearing

Timestamps blurred by random offset up to 30 seconds. Timing-based surveillance becomes unreliable.

translate Rosetta Layer

Encrypted data transformed into text resembling a constructed language unique to each conversation.

drafts Dead Drop Channels

Messages deposited at rotating cryptographic addresses that change every hour.

wifi_tethering Chaff Protocol

Continuous encrypted decoy traffic indistinguishable from real messages.

history_edu Deniable Messages

Shared-secret authentication. Your recipient knows you wrote it — but can't prove it to anyone else.

The result: The server cannot answer: who sent a message, how many messages a person sent, when it was sent, which conversation it belongs to, or whether encrypted traffic is even HyveHeim traffic at all.

Your Privacy — In Detail

Both apps share the same privacy architecture. We don't collect the data in the first place — so there's nothing to subpoena, nothing to hack, and nothing to sell.

lock Sealed sender (Chat) & sealed email (Mail)

In HH Chat, sender identity is encrypted inside the message payload. In HH Mail, sealed emails between HH users are encrypted end-to-end with SPQR Triple Ratchet. In both cases, the server never sees who communicated with whom.

visibility_off Privacy hardening (Mail)

Remote images blocked by default. Tracking pixels stripped on arrival. External links preserved for legitimate security notifications but sanitised for trackers. Your inbox is yours alone.

phonelink_lock Encrypted local storage

Sensitive data on your device — auth tokens, message history, email cache — is encrypted at rest using hardware-backed key storage.

wifi_off No Internet? The Mesh Has You Covered. HH Chat

When infrastructure fails — natural disaster, civil unrest, blackout, or censorship — HH Chat falls back to peer-to-peer mesh networking. Messages synchronise directly between nearby devices without any server or internet connection.

bluetooth Bluetooth sync wifi Wi-Fi Direct public Anonymous routing devices Peer-to-peer lock End-to-end encrypted
HH Chat

Privacy Without Impunity

Group size determines the privacy boundary — small groups are fully private, large groups require leadership accountability. Messages remain zero-knowledge in all cases.

groups Free — Up to 25 Members

No verification. No identity trail. Families, friend groups, small teams — fully private by default.

verified_user Premium — Up to 500 Members

Leaders verify identity. Members stay anonymous. Leadership identity encrypted — a full breach yields only opaque blobs.

security The Beacon

Export a signed evidence package from any group. The server assembles it, returns it. You decide what to do with it.

functions Mathematics of Scale

At 100 members with 3% defection probability, 95% chance someone activates the beacon. Scale itself becomes the liability.

HH Chat

How HH Chat Compares

Mainstream messengers protect content in transit. Privacy-first messengers go further. HH Chat goes further still.

Feature WhatsApp Telegram Signal Briar Session HH Chat
End-to-end encryptioncheck_circleremove_circlecheck_circlecheck_circlecheck_circlecheck_circle
No phone number requiredcancelcancelremove_circlecheck_circlecheck_circlecheck_circle
Sealed / anonymous sendercancelcancelremove_circlecancelremove_circlecheck_circle
Zero server logscancelcancelremove_circlecheck_circlecheck_circlecheck_circle
Traffic analysis resistancecancelcancelcancelremove_circleremove_circlecheck_circle
Post-quantum protectioncancelcancelcheck_circlecancelcancelcheck_circle
Deniable messagescancelcancelcancelcancelcancelcheck_circle
Offline / mesh fallbackcancelcancelcancelcheck_circlecancelcheck_circle
Anonymous hidden servicecancelcancelcancelcheck_circlecheck_circlecheck_circle
Multi-jurisdiction infrastructurecancelremove_circlecancelcheck_circleremove_circlecheck_circle
HH Mail

How HH Mail Compares

Most email clients trust your provider and load remote content that tracks you. Encrypted email providers lock you into their ecosystem. HH Mail works with any provider and adds the privacy they won't.

Feature Gmail Outlook Thunderbird ProtonMail Tutanota HH Mail
Works with any providercancelcancelcheck_circlecancelcancelcheck_circle
E2E encryption (user-to-user)cancelcancelremove_circle
PGP (manual)		check_circle
Proton-only		check_circle
Tuta-only		check_circle
HH-to-HH
Post-quantum encryptioncancelcancelcancelcancelcancelcheck_circle
Remote images blockedcancelcancelremove_circlecheck_circlecheck_circlecheck_circle
Tracking pixel strippingcancelcancelcancelcheck_circlecheck_circlecheck_circle
Security scanner (SPF/DKIM/phishing)remove_circleremove_circlecancelremove_circleremove_circlecheck_circle
Smart categorisationcheck_circlecheck_circlecancelcancelcancelcheck_circle
No third-party analyticscancelcancelcheck_circlecheck_circlecheck_circlecheck_circle
Multi-server key consensuscancelcancelcancelcancelcancelcheck_circle

check_circle Full support   remove_circle Partial / limited   cancel Not available

The difference: ProtonMail and Tutanota offer excellent encryption — but only within their own ecosystem. HH Mail works with any email provider (Outlook, Gmail, Yahoo, iCloud, and more) and adds sealed encryption between HH Mail users on top. You keep your existing email address. We add the privacy.

Both apps are in active development for all platforms. Get in touch to be notified when they launch.

HH Chat — encrypted messaging for mobile and desktop. HH Mail — secure email for desktop and mobile.