Encrypted Channel Online·v1.0 / 2026

Signal,self-hosted.

Military-grade E2EE · No server can decrypt your data

Request Deployment→View Architecture↓

E2EE

Signal Protocol

KEYS

Generated on device

NET

Server only relays ciphertext

CORE

Rust · Memory-safe

01Built For

Built for those who can’t afford to be overheard.

High-sensitivity, compliance-bound, cross-team workflows — these are the buyers hostsig serves.

01 · GOV

Government & Public Sector

Day-to-day cross-department, multi-city, multi-level coordination — informal deliberation outside formal channels, emergency dispatch, and sensitive internal directives.

02 · LAW

Law Firms

Client intake, case-file review, litigation strategy, partner-level case assessments — privileged content never leaves the firm.

03 · FIN

Investment & Asset Management

Deal flow, internal credit committees, diligence discussions, allocation calls — MNPI never transits public IM.

04 · MED

Healthcare & High-Sensitivity

Inter-physician consults, cross-hospital case discussions, clinician–patient follow-ups — high-cadence collaboration under data-residency mandates.

05 · CORP

Listed Co. Board / Executives

Earnings blackouts, M&A discussions, board topics, executive moves — conversations that simply don’t belong on public IM, routed through your own channel.

06 · EXT

Cross-Border Teams

Your server runs in the jurisdiction you choose — outside the reach of public-IM policy changes, government data requests, and platform bans.

02Why

Public IM was never yours.

Real communication privacy starts only when the data sits on your own servers and the keys stay on your own phones.

Public IM

WeChat / Telegram / etc.

Service can read messages
Subject to regulation
Metadata exposed
Content decryptable

Public Signal

Signal Messenger

End-to-end encrypted
Cross-border access
Real phone number required
Metadata minimized

hostsig

Self-hosted

End-to-end encrypted
Data sits on your own servers
Custom numbering
Server holds no keys

03Features

Six features that keep your data safe.

E2EE

End-to-End Encryption

Signal Protocol with forward and backward secrecy. The server only ever relays ciphertext.

Metadata Minimization

Sealed Sender, private groups, private contact discovery — the server never sees the social graph.

AUDIT

Auditable Client

Built on the open-source Signal Android client; client code is fully inspectable.

OUTSIDE

External Holds No Keys

External components like DNS and object storage only ever touch ciphertext. Keys and plaintext stay on user phones — invisible to every server.

RUST

Rust Server

Memory-safe and fast.

NUMBER

Custom Numbering

Assign internal numbers freely — no real phone number required to register.

04Architecture

One picture says it.

All encryption happens on the phone. The server only sees unreadable ciphertext. The whole stack lives in your network and can start on a single VPS.

hostsig://topology

     ┌───────────────────┐                    ┌───────────────────┐
     │  CLIENT A         │                    │  CLIENT B         │
     │  Android          │                    │  Android          │
     │                   │                    │                   │
     │  keys live here   │                    │  keys live here   │
     └─────────┬─────────┘                    └─────────┬─────────┘
               │                                        │
               │  ───────  TLS + Noise · encrypted envelope  ───────
               │                                        │
               ▼                                        ▼
     ┌──────────────────────────────────────────────────────────┐
     │                                                          │
     │              YOUR SERVER  ─  1 box is enough             │
     │                                                          │
     │      message routing  ·  discovery  ·  groups            │
     │                                                          │
     │      ┄┄┄┄┄┄┄┄┄┄┄┄┄  holds no plaintext key  ┄┄┄┄┄┄┄┄┄┄┄  │
     │                                                          │
     └──────────────────────────────────────────────────────────┘

                  ↑  keys & plaintext live only on user devices · no public domain needed  ↑

┌──────────────┐
│ CLIENT A     │
│ keys local   │
└──────┬───────┘
       │ encrypted
       ▼
┌──────────────┐
│ YOUR SERVER  │
│ no key held  │
└──────┬───────┘
       ▲ encrypted
       │
┌──────┴───────┐
│ CLIENT B     │
│ keys local   │
└──────────────┘

Encryption happens on the phone

Messages become ciphertext before they leave your device.

The server only relays ciphertext

Routing, groups and discovery all operate over ciphertext and hashes.

Keys & plaintext only on user devices

Your server, plus external DNS and object storage, only ever touch ciphertext and addressing. No server holds keys or plaintext.

05Security Model

The server never holds anything that can decrypt.

01
Keys are born on the device — and stay there
Identity and message keys are generated locally on each phone and are never uploaded to the server.
02
Per-pair independent keys
Every conversation pair uses an entirely distinct session key. Compromising one pair does not affect the others.
03
Messages are encrypted before they leave the phone
The server only ever sees ciphertext. Even with full logging, what hits disk is unreadable bytes.
04
Even a breached server cannot decrypt
The server never holds users’ private keys or session keys. Even if an attacker seizes the entire machine, walks off with every disk, and exfiltrates every log, no historical or future message can be decrypted.
05
Metadata minimization
Sealed Sender hides the sender. Private contact discovery prevents the server from seeing plaintext address books. Private groups conceal membership.
06
Memory-safe server
Implemented in Rust, eliminating buffer overflows, use-after-free, and similar memory-class vulnerabilities at the source.

* This section describes message-layer guarantees. Auxiliary features inherit the security profile of the upstream Signal protocols.

06Deployment

Two paths, same outcome.

Licensed by user count (50 / 100 / …). Exceeding the tier? Upgrade by email — no redeployment.

Self-Deploy

We hand over Docker images + a full manual

Complete server Docker images · ready to run
Android APK client
Step-by-step deployment manual
One-time payment · perpetual license

Email Us→

We Deploy

Recommended

We remote into your VPS until it’s production-ready

We connect to a VPS you provide
Deploy, connect, register — start to finish
On-site debug until verified working
One-time payment · perpetual license

Email Us→

07FAQ

Answers, up front.

01How does this differ from public Signal?

All data stays on your own server with no foreign-service dependencies. Identities do not require a real phone number. The client is adapted to connect to your private deployment.

02Can existing Signal clients connect?

No. You must use the Android client we provide, which is preconfigured for your private deployment.

03Do I need a domain name?

No. You can run on IP + self-signed certs, or purely on a private network.

04Where is data stored? Can I migrate it?

All data stays on the server you supply. Full-machine migration and disk imaging are supported.

05How many users can I license?

Licenses come in tiers of 50, 100, and beyond. Pricing on request via email.

06What happens if I exceed my user limit?

Email us to upgrade your tier — no redeployment required.

07Where can users get the client? Is it on app stores?

APKs are delivered to buyers via private links. They are not published on public app stores.

08Is iOS supported?

Currently Android only. iOS is on the roadmap.

09Will the server track upstream Signal updates?

At least two upgrades per year during the maintenance period — covering upstream Signal protocol updates and critical security fixes.