A single roll-up of ownership and CLOUD Act exposure.
UK-incorporated open-source E2EE messenger (SimpleX Chat Ltd, 2021) with no user identifiers of any kind; Double Ratchet + post-quantum key exchange; self-hostable relays, twice audited by Trail of Bits.
SimpleX Chat, in the Video conferencing category, is a European service with United Kingdom as its hosting location and at most minor, transient US exposure under the CLOUD Act.
SimpleX Chat Ltd (London, Companies House 13691484, incorporated 2021) operates SimpleX — described as the first messaging network with no user identifiers of any kind, not even random IDs: identity is pairwise per-queue using separate unidirectional message queues per contact, so relays never see a global user graph and store no profiles. Messages are E2EE (Double Ratchet over Curve448 with a post-quantum-resistant key exchange added each ratchet step) and deleted on delivery or after 21 days; private message routing splits metadata across operators. Audited twice by Trail of Bits (2022 implementation, 2024 cryptographic design) with no critical findings; open source under AGPLv3, with self-hostable SMP/XFTP servers (deployable on EU infrastructure). Two caveats keep this below a 5 for a strict EU-sovereignty reviewer: the company is UK-incorporated (GB — not EU, though the UK holds EU adequacy), and it is VC-backed including US investors (2024 round led by Jack Dorsey with Asymmetric Capital Partners; investments disclosed as passive, no board seats). Default-server hosting country is not transparently disclosed — the honest EU-fit angle is self-hostable in the EU with no server-side identity, not EU-hosted by default.
How exposed customer data is to US authorities under the CLOUD Act.
Where ultimate control over the operating company sits.
SimpleX is an open-source end-to-end encrypted messaging network operated by SimpleX Chat Ltd (London, Companies House 13691484, incorporated October 2021; first app March 2022), founded by Evgeny Poberezkin. Its defining claim — which holds up against the source code, privacy policy and Trail of Bits' design review — is that it is the first messenger with no user identifiers of any kind. There is no account, no username, not even a random global ID: identity is established pairwise, per contact, using separate unidirectional message queues, so the relay servers only ever see per-queue addresses and can never reconstruct who is connected to whom. User profiles exist only on-device.
Cryptographically, SimpleX uses the Double Ratchet algorithm over Curve448 keys with an additional NaCl cryptobox layer at the queue level, fixed-size message padding, and TLS 1.2/1.3 with restricted ciphers; a post-quantum-resistant key exchange is performed on every ratchet step. Relays hold only E2EE blobs that are deleted on delivery or after 21 days. Metadata privacy is further hardened by private message routing (v6+) and the option to route through a second independent operator (Flux) to split metadata between operators. The implementation was audited by Trail of Bits twice — a 2022 implementation review and a 2024 cryptographic-design review — neither finding critical issues. Everything is open source under AGPLv3 (github.com/simplex-chat/simplex-chat), and both the messaging (SMP) and file (XFTP) servers are self-hostable, including on EU infrastructure.
The app is free — there is no paid tier; the project is funded by investment and donations. It ships consumer apps for iOS, Android, desktop and a terminal CLI, with DMs, groups, channels, audio/video calls, a business-chats feature and a bots API. The honest fit for an EU-sovereignty buyer is nuanced: SimpleX is UK-incorporated (GB — outside the EU, though the UK holds an EU adequacy decision), and it is venture-backed including US investors — a 2024 pre-seed round was led by Jack Dorsey alongside Asymmetric Capital Partners, on top of a 2022 round from Village Global and angels (all disclosed as passive, no board seats). The default preset relays' hosting country is not publicly disclosed. So the strongest privacy story here is the architecture (no identifiers, self-hostable, twice audited), not EU ownership or EU-default hosting. Best fit: privacy-maximalist individuals and teams who can self-host relays in the EU and want the strongest available metadata and identity privacy; not the pick for a buyer whose binding constraint is EU ownership or a published DPA.
UK-headquartered open-source Matrix protocol commercialisation; powers Bundeswehr BwMessenger + French Tchap + NATO + UN.
French E2EE messenger (Olvid SAS, Paris, founded 2019), ANSSI CSPN certified, mandated for French government ministers; no phone number/identifier, content + metadata encrypted.
Norwegian Euronext-listed (Oslo Børs) video collaboration platform, defense + government grade; self-host or hyperscaler-cloud-of-choice.