Find answers to common questions about PRIVUS and SecurLine
SecurLine uses post-quantum encryption technology, making it secure against both current and future quantum computing threats. We employ the NIST-approved ML-KEM which was recently standardized in FIPS 203.
Encryption keys are always generated and stored on the device's Secure Enclave chip, never on our servers.
Because we not only use state of the art post quantum encryption, we also protect the device itself against sophisticated threats. No one else even tries to protect the phone itself, whereas we detect and alert to all types of sophisticated threats such as hooking, debugging, cloning, jailbreak, rooting, screenshots, reverse engineering, etc. In fact the additional protections we employ means we are also compliant with OWASP MASVS Resilience Requirements
SecurLine uses a number of crypto primitives, algorithms, protocols and open-source libraries, namely Custom PQ ZRTP, AES-GCM 256 AEAD, X3DH, Hybrid KEM with Curve25519/Kyber-Crystals 512, Open Quantum Secure libraries, SHA384, SHA512, mbedTLS, RSA 4096, TLS 1.2, SIP, SRTP, BZRTP implementation of the ZRTP protocol in accordance with RFC6189 supporting SHA512 Hash, AES256 Cipher, HS80 Auth Tag, SAS rendering B256 (PGP Word List) and PQ Hybrid Key Agreement.
What little data we have is stored in secure facilities in Switzerland and Germany, protected by some of the world's strongest privacy laws.
Great question. While many apps market themselves as secure anyone with access to the phone can read and exfiltrate their sensitive data. At PRIVUS we have anticipated this threat model. Due to customer demand, the latest version of SecurLine includes protection against this threat: all messages, attachments, contacts, call logs, etc are encrypted on the device and the key is stored in the Secure Enclave (iOS) or Key Store (Android) chips in your phone. You can enable biometrics or PIN protection so only you can open the app and access its sensitive contents. Furthermore, you can set an emergency wipe PIN that when entered will securely wipe all that data, making it impossible to recover by anyone, including us.
SpyCatcher works all around the world. Note however that different continents and some regions use different frequencies for GSM, so the actual devices will vary between continents.
Not necessarily. If you want to use SpyCatcher only as an IMSI detector with a visual alert on the device, you don't need an active SIM card. In most devices you do need a SIM card inserted in the device, even if not active. If you also want to use SpyCatcher as a fully working hotspot (recommended), then you will need to provide a SIM card with data available. This is recommended because A) It's useful to use the hotspot function and B) To get real time alerts on your SecurLine account. Without a SIM card with data SpyCatcher has no way of communicating out and therefore alerts will only be visual ones on the device itself.
No need to worry. SpyCatcher looks, feels and works like any regular hotspot on the market, so it won't draw any unwanted attention. You can choose what to show on its display - by default it shows our SpyCatcher logo but it can be configured to show the "normal" hotspot menu only while still providing its protection in the background.
This is also configurable according to the client's wishes. By default it sends informational alerts (like low battery alert so you can charge it) and 3 levels of Threat Alerts: Low, Medium and High (represented on its screen by yellow dots, orange dashes, or solid red, respectively). Red alerts are classified as High Severity and indicate an active IMSI catcher in your area. How you respond is up to you. Depending on your circumstances and threat model, you may want to turn off your phones until you are out of the area and tell your friends to do the same!
PRIVUS does not require your phone number or any other PII. We can not share what we never collect in the first place.
SecurLine's end-to-end encryption ensures that only you and your intended recipient can access the messages and calls. Not even PRIVUS has access to them.
PRIVUS does not collect or store personal data. PRIVUS SecurLine only requests application permissions that are essential for operation.
No, unlike others we take your privacy seriously and we never upload your contacts to our servers.
SecurLine is designed to work on all major smartphone platforms like Apple and Android.
We continuously monitor and update our security protocols to maintain the highest levels of protection.
No, PRIVUS is 100% privately funded. This allows us to maintain our independence.
Since the Danish Presidency of the EU decided to re-introduce this draconian and totalitarian piece of legislation, we have had many clients ask us how PRIVUS will be affected. Firstly, while Chat Control would be good for our business - as it would raise awareness among Europeans regarding their lack of privacy - as Europeans ourselves we totally oppose this grave threat to our way of life. Freedom of speech is the cornerstone of any functioning democracy. Without the sacrosanct right to privacy there simply is no freedom of speech and democracy. Secondly, we want to reassure our clients that PRIVUS will NEVER have any backdoor/AI scanning or whichever other euphemism for mass surveillance the politicians employ. As a Swiss company we answer to Swiss law only, regardless of whatever crazy laws Brussels passes! In the nightmare scenario that Chat Control actually becomes EU law and Switzerland passes similar legislation, then we would have no choice but to shut down our company in Switzerland and open it again in some jurisdiction that actually respects privacy, proportionality and the rule of law. So rest aussured we will always remain truly end to end encrypted without any compromises.
Download and install the SecurLine app on your phone and contact us at info@privus.io to get test credentials.
If you are an existing client just click login in the menu above and you can reset your password yourself on our PRIVUS Panel.
Yes, governmental bodies that require full data sovereignty may request a dedicated PRIVUS solution completely on premise.