Whatping

About

Software you don’t have to trust

Most “secure” business tools ask you to trust the operator. Whatping is built so you don’t have to — confidentiality is enforced by cryptography, in the open, and tested.

Whatping started from a simple discomfort: the conversations and documents that matter most — a deal, a case, a diagnosis, a board decision — were running through tools designed for convenience, where the provider can read everything. “Trust us” is not a security model.

So we built the opposite. Identity and media keys are generated in your browser. Every room is an MLS (RFC 9420) group, and chat, audio, video and screen-share keys are derived from it. Our relay and media servers move encrypted bytes they cannot read. We prove that property with end-to-end tests — a wrong-key participant decodes zero frames — rather than asserting it in a policy document.
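The wrong-key property described above can be expressed as a short test. The following is an added example, not Whatping's code: it assumes HKDF-SHA-256 key derivation, AES-256-GCM frame encryption, a made-up label string and wire layout, and uses random bytes in place of an MLS exporter secret.

```javascript
// Added example, not Whatping code. Assumed: HKDF-SHA-256, AES-256-GCM, the
// label string, the wire layout, random bytes in place of an MLS exporter secret.
const nodeCrypto = require('node:crypto');

// One key per (media kind, sender), so counter nonces never repeat under a key.
function deriveMediaKey(groupSecret, kind, senderId) {
  const info = Buffer.from(`example-media-key/${kind}/${senderId}`);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', groupSecret, Buffer.alloc(0), info, 32));
}

// Sender side. Wire layout (assumed): nonce(12) || tag(16) || ciphertext.
function sealFrame(key, counter, plaintext) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(BigInt(counter), 4);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Receiver side. Returns the plaintext, or null when authentication fails.
function openFrame(key, wire) {
  if (wire.length < 28) return null;
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, wire.subarray(0, 12));
  d.setAuthTag(wire.subarray(12, 28));
  try {
    return Buffer.concat([d.update(wire.subarray(28)), d.final()]);
  } catch { return null; }
}

// The relay holds no key; it copies bytes from sender to receivers.
const relay = (wire) => Buffer.from(wire);

const countDecoded = (key, wires) => wires.filter((w) => openFrame(key, w) !== null).length;

// Constructed scenario: one sender, three receivers with different key material.
function runWrongKeyTest(frameCount = 20) {
  const groupSecret = nodeCrypto.randomBytes(32);
  const senderKey = deriveMediaKey(groupSecret, 'video', 'alice');
  const wires = [];
  for (let i = 0; i < frameCount; i++) {
    wires.push(relay(sealFrame(senderKey, i, Buffer.from(`constructed frame ${i}`))));
  }
  return {
    member: countDecoded(deriveMediaKey(groupSecret, 'video', 'alice'), wires),
    otherGroup: countDecoded(deriveMediaKey(nodeCrypto.randomBytes(32), 'video', 'alice'), wires),
    otherStream: countDecoded(deriveMediaKey(groupSecret, 'audio', 'alice'), wires),
  };
}

console.log(runWrongKeyTest());
```

A receiver holding the group secret decodes every frame; a receiver with a different secret, or with the key for a different stream, decodes none.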

We’re a small, focused team, and we’re honest about where we are: the crypto core builds on the MLS standard and is continuously tested; formal external audit and SOC 2 / ISO 27001 are on the path as we onboard design partners. If certification status matters to your procurement, ask us directly — we’ll tell you exactly where things stand today.

You can use Whatping hosted in the EU or Switzerland, run it single-tenant, or self-host the entire stack inside your own perimeter. Your data, your jurisdiction, your keys.

Principles

What we believe

🔒 Confidential by construction

If the server can read it, it isn’t private. We design so it can’t.

🧪 Proven, not promised

Security claims are backed by tests you could run yourself.

🌍 Your jurisdiction

EU/Swiss hosting, single-tenant, or fully self-hosted — your call.

🤝 Honest about maturity

We tell you what’s audited, what’s tested, and what’s still ahead.

Work with us early

We’re onboarding design partners who care about real confidentiality. If that’s you, let’s talk.