Messages that only open where you say so.
Secure Envelope is a location-gated, zero-trust messenger. Your message stays sealed until your recipient is exactly where you've defined—and only then does it unlock on their device.
- ✓End-to-end encrypted, location-aware delivery
- ✓Sender-defined unlock zones
- ✓Ephemeral, low-footprint transcripts
Pick a mailbox · Encrypt · Deliver
[Encrypted payload preview]Turn "Where are you?" into a cryptographic rule.
Most messengers stop at "who" you are. Secure Envelope adds "where" you are to the equation.
Instead of messages unlocking anywhere a device happens to be, Secure Envelope binds access to real-world context. You pick the zone—an office, a corridor, a rooftop, a vault—and messages stay sealed until a verified device is inside that zone and authenticated.
Outside the zone?
The envelope stays shut.
Inside the zone?
The envelope quietly opens and then can disappear again.
No extra apps. No special hardware. Just a focused, high-integrity messenger built for people who care where sensitive data is actually being read.
Free (Limited Use)
Perfect for pilots, sensitive one-offs, and small teams.
- •25 location-locked messages per month
- •250 MB encrypted storage (10 MB per message)
- •Optional auto-expiration after viewing
- •Simple onboarding with invite links
- •Great for proving the workflow with colleagues and stakeholders
Premium (Unlimited Use)
For teams that need consistent, high-integrity messaging with environmental controls.
- •Unlimited secure messages (10 MB per message)
- •25 GB encrypted storage (fair-use policy)
- •Fine-grained, high-precision access zones
- •Shared mailboxes and team-level controls
- •Structured activity logs and priority support
- •Annual option: $99.99/year (save 17%)
Three steps to a controlled conversation
Create a secure mailbox
Define who you're talking to and the area in which they're allowed to read. You set the rules: zone size, duration, and whether the message vanishes after it's been seen.
Encrypt and deliver
You compose your message in the Secure Envelope client. It's encrypted on your device and sent as a sealed envelope through a zero-knowledge transport layer.
Recipient unlocks in place
When your recipient signs in and their device satisfies your access conditions, the envelope unlocks on their screen. Step out of bounds, change environment, or let time expire—and access stops.
From your perspective: you never send "open text" out into the world.
From theirs: it "just works" when—and only when—they're where they're supposed to be.
Built for people whose messages actually matter
Field & Operations Teams
Delay-sensitive instructions that should never live in a generic chat history. Deliver them inside controlled areas and let them expire on their own.
Executives & Private Wealth
Authorizations, approvals, and decisions that don't belong in email or SMS. Restrict sensitive actions to trusted offices, vaults, and controlled environments.
Healthcare & Compliance
Results, records, and operational notes that must stay within authorized zones. Let staff unlock what they need on-site—without leaving trails across personal devices.
High-Risk Roles & Kiosk Deployments
Shared terminals, front-line endpoints, and devices in exposed environments. Give them just-in-time access with tight geographic boundaries and automatic cleanup.
Features & Technology
Location-gated encryption
Secure Envelope adds a location-aware access layer in front of decryption. Before content can be read, the system confirms both a verified user session, and a device environment that satisfies the sender's geographic rule. If those conditions aren't met, the payload remains encrypted and inert.
Device-held identity
Encryption keys are generated and stored on the client side. Identity is anchored to the user's own devices rather than phone numbers or SIM-based accounts, reducing centralized key exposure.
Ephemeral by default
You decide how long content should exist after it's been unlocked: single-view messages that disappear after reading, time-boxed access windows, or short-lived chat sessions that clean up as they go. The goal is simple: less residue, fewer transcripts, smaller blast radius.
Zero-knowledge transport
Secure Envelope is designed so that the service relays ciphertext only. It doesn't need access to your keys or your plaintext to deliver messages, and it maintains only the minimal metadata required for routing and abuse prevention.
Context-sensitive security
For high-risk deployments, Secure Envelope plays well with managed devices, kiosk modes, and hardened browsers. You decide how locked down the endpoints should be; Secure Envelope provides the location-and-identity gate on top.
Example Patterns
How teams put location-gated messaging to work
(Fictionalized patterns to illustrate what's possible)
Field Operations — "Read it only in the zone"
Ops staff create envelopes tied to a specific operating area. Instructions stay sealed until the device is physically inside that zone. Step outside and the session closes. No wandering screenshots, no stray threads in personal apps.
Executive Approvals — "Decisions stay in the room"
Approvals for large transfers, sensitive hires, or strategic moves only unlock in designated offices or secure spaces. Even if someone forwards the link, it's useless anywhere else.
Healthcare & Compliance — "Clinical data, clinical context"
Sensitive results and operational updates become available only when clinicians are on-site in approved areas. Nothing spills into personal inboxes, SMS logs, or mixed-use devices beyond the controlled space.
Kiosk & Shared Devices — "Secure conversations on unsecured hardware"
Shared or publicly accessible devices can still be used for high-integrity messaging when combined with location-gated access and strict expiration. Unlock, read, close—and leave nothing behind.
Why Secure Envelope isn't just another secure chat
Secure Envelope doesn't compete to be your "everything app." It's the tool you reach for when it matters where sensitive data is read.
| Capability | Secure Envelope | Typical Consumer Chat Apps |
|---|---|---|
| Access model | Identity + environment (location-aware) | Identity only |
| Where messages unlock | Only inside sender-defined access zones | Anywhere the account is signed in |
| Data retention | Optional expiration and ephemeral behavior | Long-term, multi-device sync and cloud backups |
| Key custody | Device-held, client-side | Often managed and recoverable by the service |
| Visibility | Open foundations, documented security principles | Opaque clients and limited architectural transparency |
FAQ
Is this production-ready?
Yes. Secure Envelope is built with modern security controls and hardened browser behavior in mind. For higher-risk environments, we recommend pairing it with managed or kiosk-style deployments.
Can I send emails through Secure Envelope?
Yes. You can deliver content via deep links in email. The message itself still unlocks only inside the Secure Envelope client, under the access rules you've defined.
Can the service read my messages?
The system is designed so that encryption and decryption happen on user devices, with keys staying client-side. The service relays ciphertext and minimal routing metadata only.
What happens if I lose my device or clear my data?
If you lose access to your keys, previous messages may no longer be decryptable. You can generate new keys and continue using the service going forward. This is intentional, to protect past conversations.
How does location-based access actually work?
Before a message can be read, the client checks whether the device environment satisfies the sender's configured access conditions, which include a geographic component. When those conditions fail, the content remains sealed.
Can someone bypass the location gate by modifying the client?
Tampering with the client does not create the missing decryption material. For high-risk scenarios, pairing Secure Envelope with managed devices or kiosk modes provides an additional layer of assurance.
Do messages auto-delete?
They can. Senders can configure expiration behavior so that content disappears after viewing or after a defined window, reducing long-term exposure.
Does Secure Envelope work on mobile?
Yes. Secure Envelope is optimized for modern mobile browsers and can be installed to the home screen for an app-like experience.
What if GPS or location data is unreliable?
You can choose access regions that fit your environment. In areas with poor signal or unreliable sensors, larger zones or fallback workflows may be appropriate.
Do you support group messaging?
Right now, Secure Envelope is focused on high-integrity one-to-one messaging. Group flows are on the roadmap but are not part of the initial release.
Can I export messages or keys?
Secure Envelope is optimized for ephemeral communication rather than archival. If you need to preserve specific content, you should do so before it expires.