Rebranded Android & iOS clients
An OMEMO/XMPP chat application compiled with your branding — app name, bundle ID, accent colors, wordmark, splash, notification icon. Distributed via your Play / App Store listing, F-Droid repo, or direct download.
XMPP Chat Platform · optional add-on
Your brand.
Our encryption stack.
An OMEMO-encrypted XMPP chat application + a dedicated ejabberd server, both white-labeled to your name and domain. Pairs with HardenedOS device fleets, but ships standalone too. We run the cryptography, the server ops, and the update pipeline. You operate the brand.
What's included
The whole stack, wearing your colors.
Six layers between your customers and the cryptography — rebranded, hosted, and maintained for you. Your team owns the brand and the customer relationship; we own the parts that need an on-call rotation.
Dedicated ejabberd server
Managed ejabberd on your subdomain (e.g. chat.yourbrand.com). User JIDs, OMEMO encryption, MUC, MAM, file transfer, voice/video, TLS — handled. Federation enabled by default; disabled on request for closed-fleet deployments.
Branded admin portal
The same admin + reseller stack from mdm.hardenedos.com, served at admin.yourbrand.com. Manage users, expirations, device re-activations, audit logs, and (optional) reseller sub-accounts of your own.
Optional eSIM bundle
Pair the chat product with a global data eSIM under your brand. Coverage in 130+ countries; activation email and order page wear your logo. Same wholesale pipeline we use for direct customers.
Managed update channel
Security updates to ejabberd, libsignal, the chat app fork, and the admin portal pushed on a coordinated schedule. You get release notes; users get OTA app updates. We do the on-call.
Dedicated support contract
A named engineer assigned to your account. Priority response on incidents (4-hour P1, next-business-day P2), scheduled office hours, quarterly engineering check-ins. SLA tier scales with your deployment size.
How it fits together
Three layers, one operator boundary.
Your customers hit your domain, your app, your support email. Behind the scenes we run the encryption, the XMPP fleet, and the update pipeline. The line between you and us is a contract, not a deployment.
Customer-facing
Your surface
- yourbrand.com marketing site
- Branded Android & iOS chat apps
- Custom Play / App Store / F-Droid listing
- Support email + ticketing on your domain
- Reseller sub-portal (optional, your customers' resellers)
Managed by us
Behind the curtain
- ejabberd at
chat.yourbrand.com - OMEMO + libsignal cryptographic stack
admin.yourbrand.comportal infrastructure- Global eSIM & payment-partner pipeline (optional)
- Coordinated security update channel
Who this is for
Built for organizations that need a sovereign comms channel.
Not every encrypted-app idea needs to be built from scratch. White-label fits when the brand and the trust relationship already exist; the cryptography just needs a host.
Privacy-focused brands
Want a flagship encrypted-comms product but can't justify hiring a crypto engineering team to keep it running.
Enterprise security teams
Roll out internal end-to-end encrypted comms for executives, M&A teams, or investigative groups — under your own domain.
Government & NGOs
A sovereign comms channel on a domain you control, not a US-based silo. JID domain inside your jurisdiction, federation toggleable.
Journalism & human-rights orgs
Deploy secure comms to staff and sources without each person learning a new protocol. Bundle with HardenedOS devices for source-protection grade.
Hardware vendors
Ship pre-configured devices where the comms app is part of the device's identity, not a third-party add-on. Pairs natively with HardenedOS.
Legal practices
Privileged-communications channel between counsel, clients, and co-counsel. JID domain inside the firm, encryption end-to-end through every device.
Healthcare networks
HIPAA-aligned alternative to proprietary clinical-comms vendors. Self-hosted JID domain, OMEMO encryption, audit trail under your control.
Trading desks
Deal-room comms with a clean compliance trail. Encrypted at rest and in transit, retention controlled by your domain. Drop-in for compliance-grade IB / hedge-fund chat.
Privacy resellers leveling up
Outgrew the reseller portal and want full control of branding, JID domain, app-store presence, and user lifecycle.
Pricing model
Three components, quoted per deal.
White-label engagements are too varied for a public sheet. The components combine to fit your shape — for enterprise on-prem, the model shifts to a flat annual license.
One-time
Integration fee
Covers the rebrand, app store submissions, domain & cert setup, admin-portal customization, and the first-90-day handover.
Recurring · monthly
Platform fee
Tied to active-user count and feature scope. Scales with your usage; renegotiable on tier changes. Covers ejabberd hosting, admin portal, update channel.
Per bundle
eSIM bundle
Optional. Same wholesale model as our reseller program — quoted by plan, region, and volume.
For enterprise deployments with a fixed user count and on-prem XMPP servers, the model shifts to a flat annual license + support agreement.
How this combines with the device platform
Device fleet, chat platform, or both.
The XMPP Chat Platform stands alone — you can ship the chat app to phones we don't manage. But pairing it with a HardenedOS device fleet is where the fully-sovereign deployment lives.
Device only
HardenedOS devices, no chat platform
Your reseller fleet runs HardenedOS on Pixel hardware. Customers use whichever messengers you whitelist into the bundled-app catalog (Signal, Threema, Element, etc.).
- Hardened Android distribution
- White-label admin panel
- Tier-based policy + branding
Chat only
XMPP Chat Platform, on any phone
Stand up your own encrypted-comms product without the device side. Customers install the rebranded XMPP app on their existing iOS / Android phones.
- Branded XMPP/OMEMO clients
- Dedicated ejabberd at your subdomain
- Admin portal under your brand
Sovereign stack
HardenedOS + XMPP Chat Platform
The deployment most government, journalism, and high-stakes-comms customers ask for. One signing chain, one admin portal, one update pipeline — top to bottom.
- Pixel hardware, locked & attested
- HardenedOS distribution + DPC
- Branded XMPP/OMEMO chat app pre-installed
- ejabberd on your subdomain
- Single admin portal for both
Ready to launch under your brand?
Email us with a sketch of the product you want to launch — target users, rough scale, app-store / on-prem preferences, and any jurisdictional or compliance requirements. Feasibility note within two business days.