Security that goes all the way down.

Veil is built on a foundation of encrypted payloads, identity-aware key management, and admin-grade governance controls not bolted on after the fact.

Core security model

01.

End-to-end encrypted payloads

Every message is stored and transmitted as ciphertext paired with a nonce and version field. Plaintext never touches our servers not in transit, not at rest. There is nothing to intercept and nothing to leak.

02.

Identity-aware key management

Veil supports scoped identities and conversation-level identity switching. Key material is managed locally on your device. You control your cryptographic identity not us.

03.

Disappearing messages

Set timers on any conversation direct, group, or channel. Disappearing behaviour is enforced at both the client and server level, not just a UI toggle. Messages are gone on schedule, permanently.

04.

Device-level revocation

Workspace admins can list all active devices and revoke any of them instantly. Revoked devices are evicted from all active channel rooms in real time via the signaling layer no grace period, no delay.

05.

Screenshot protection

Workspace and group admins can enforce screenshot protection policies across all channels. The setting propagates automatically to every channel under that workspace one policy, applied everywhere.

06.

Encryption epoch control

Group and workspace encryption epochs increment automatically on membership changes, ensuring forward secrecy. Admins can also trigger manual re-keying and optionally require all devices to be online before an epoch advances.

Audit trail

Every admin action.
Fully on record.

Workspace administrators have full visibility into security-relevant actions through a structured audit log. Every record is sanitised before storage to prevent metadata leakage.

Membership changes logged

Security policy updates tracked

Device revocation events recorded

Invite creation and usage logged

Domain verification history stored

Workspace lifecycle events captured

Domain verification

Prove ownership.
Lock down your workspace.

Workspace admins can verify their organisation's domain via a DNS challenge. Once verified, membership and invite policies can be scoped to that domain keeping access tight.

Add your domain

Enter your organisation's domain in the workspace security settings.

Get a DNS token

Veil generates a unique DNS challenge token tied to your workspace.

Add TXT record

Publish the token as a TXT record in your DNS provider.

Verified

Veil checks your DNS and marks the domain as verified. Membership can now be scoped to it.

Ready to communicate securely?

Download Veil and take control of your conversations.

Download Veil