Synthèse de la propriété et de l’exposition au CLOUD Act.
French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.
Olvid, dans la catégorie Visioconférence, est un service européen avec France comme lieu d’hébergement et tout au plus une exposition américaine mineure et transitoire au titre du CLOUD Act.
Olvid SAS (26 rue Vignon, 75009 Paris; SIREN 850 667 171; founded 2019 by four founders incl. two cryptography PhDs) is the only messaging app certified ANSSI CSPN (iOS 2020, Android 2021, audited by Synacktiv with public reports) and was mandated by the French Prime Minister's Nov 2023 circular for government ministers and cabinets, replacing WhatsApp/Signal/Telegram from Dec 2023. Both message content and metadata are end-to-end encrypted; no phone number, email or identifier is required, and Olvid's servers cannot determine who talks to whom — a stronger metadata posture than Signal or WhatsApp. EU-owned French SAS, founder-controlled, no US capital on record; open source (AGPL-3.0) including the server. The one gap that holds this below a 5: core infrastructure runs on AWS (a US provider), so cloud_act_exposure: minor applies at the host level even though the zero-knowledge design means the host never sees plaintext or metadata; there is also no standalone published DPA/sub-processor page. No SecNumCloud — Olvid argues it is less relevant for a zero-knowledge service.
Le degré d'exposition des données clients aux autorités américaines au titre du CLOUD Act.
Où se situe le contrôle ultime de la société exploitante.
Olvid is a French end-to-end encrypted messaging application developed by Olvid SAS (26 rue Vignon, 75009 Paris; SIREN 850 667 171), founded in 2019 by a four-person team including two PhD cryptographers, Thomas Baignères (CEO) and Matthieu Finiasz (CTO). It is best known as the only messenger to hold France's ANSSI CSPN (Certification de Sécurité de Premier Niveau) — obtained for iOS in 2020 and Android in 2021 following technical audits by Synacktiv, whose evaluation reports are published openly — and as the messenger mandated by the French Prime Minister in a November 2023 circular for ministers and ministerial cabinets, replacing WhatsApp, Signal and Telegram from December 2023.
The architecture is unusual even among privacy messengers. Olvid requires no phone number, no email, and no identifier of any kind: users connect by exchanging cryptographic identities (typically a QR-code scan or invitation link), and Olvid maintains no central directory of users. Both the content and the metadata of every message are end-to-end encrypted, using a custom protocol with forward secrecy via single-use ephemeral keys (formally validated academically by Michel Abdalla, ENS/CNRS). Because the server holds no decryptable data and plays no role in the security model, it cannot determine who is communicating with whom — closing the metadata gap that even Signal leaves partially open. The clients and the message-distribution server are open source on GitHub under AGPL-3.0.
The product is freemium and three-tier. Free covers all core consumer messaging (unlimited messages, attachments, groups, ephemeral messages, multi-profile, Olvid Web, inbound calls) on iOS, Android, Windows and Linux. Business (€9.90/user/month, billed annually) adds outbound calls, multi-device and license management. Enterprise (€9.90/user/month plus a flat annual platform fee) adds a Management Console, SSO, central user/group management, instant revocation, MDM deployment and Olvid Bots. There is no self-hosted/on-prem edition. The principal sovereignty caveat for a strict procurement reviewer is that the backend runs on AWS — a US provider — so US CLOUD Act jurisdiction reaches the infrastructure layer even though the zero-knowledge design means the host never sees message content or metadata. Best fit: French and EU public-sector buyers and regulated organisations that want a government-grade, ANSSI-certified WhatsApp/Signal replacement with the strongest available metadata privacy; privacy-conscious individuals who want a messenger with no identifier at all.
UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.
Norwegian Euronext-listed (Oslo Børs) video collaboration platform, defense + government grade; self-host or hyperscaler-cloud-of-choice.
UK-incorporated open-source E2EE messenger (SimpleX Chat Ltd, 2021) with no user identifiers of any kind; Double Ratchet + post-quantum key exchange; self-hostable relays, twice audited by Trail of Bits.