Security
Simvacy was designed from the ground
up with security and privacy in mind.
Our mission is to help people without digital backgrounds feel empowered and restore their privacy.
The number one problem with all social messaging apps is their need for a mobile number to use the app.
Unwittingly and seemingly without much alternative, we share our mobile numbers often freely, without concern for our privacy. With practically every fragment of our lives now available online, the need to be responsible with our digital footprint is increasingly critical to our personal security.
Simvacy’s ongoing mission is to help people regain control of their mobile identity. Everything about Simvacy was designed and built with security in mind.
Clear of influence
We are a bootstrapped team; driven by our mission to help people without digital backgrounds strengthen and sustain their privacy in an ever-shifting landscape.
Your data is yours
No offence, but we’re not interested in you. We only ask for an email address for service updates, and you can also pay in crypto. Oh, and just to mention, we can’t read your messages or listen to your calls.
Tried and tested
Our numbers and servers are encrypted and tested regularly by independent auditors. Simvacy performs penetration tests and engages independent third-party entities.
Security and privacy protection?
Simvacy generates encrypted local and international phone numbers unconnected to any of your personal details. They are purposely designed to work across all your favorite messaging apps without the inherent risks your personal mobile number brings. All incoming and outgoing calls and messages made out-of-app (WhatsApp, Signal etc) are rejected, ensuring that at no time can your personal number be exposed. At the back end, our infrastructure is built to hold the least amount of usage data. In fact, once you have verified your Simvacy number on your chosen messaging apps, we have zero data on you – the way it should be.
Reserving your personal number for the things and people that matter rather than sharing far and wide without hesitation is critical. By removing your personal mobile number on WhatsApp, Signal, Telegram, Clubhouse and more, you instantly eliminate possibilities for SIM hi-jacking, attempts at social engineering and data hacks. We have designed Simvacy with security and privacy at the forefront – we don’t rely on providing a free service in return for unfettered access to your data.
No. The only information we require is an email address (which can be a brand new one for all we care!). We don’t send emails unless there is a billing or service need to. You also use this to access your dashboard.
Apart from your login email address, there’s nothing else. Our technology stack outside of our own servers completely anonymises any usage. On top of that, once you have verified Simvacy on your chosen messaging apps there is no further usage recorded.
Yes, you can. For even further protection, you can opt to pay using your chosen cryptocurrency via Coinbase.
Simvacy performs penetration tests and engages independent third-party entities to conduct application-level penetration tests. Security threats and vulnerabilities that are detected are prioritized, triaged, and remediated promptly.
Simvacy performs background checks on all new employees at the time of hire in accordance with applicable local laws. Simvacy currently verifies a new employee’s education and previous employment and performs reference checks. Where permitted by applicable law, Simvacy may also conduct criminal, credit, immigration, and security checks depending on the nature and scope of a new employee’s role.
Simvacy runs its own servers in two high-security data centers of an “ISO 27001”-certified colocation partner in the European Union area. The state-of-the-art data centers include biometric access control. Authorized staff must pass two-factor authentication (2FA) a minimum of two (2) times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. These facilities are designed to withstand adverse weather and other reasonably predictable natural conditions. Each data center has redundant electrical power systems that are available twenty-four (24) hours a day, seven (7) days a week.
No, that is impossible, All messages sent using a Simvacy number within WhatsApp or Signal and all other messaging apps are protected by their E2E encryption. Simvacy is primarily used for verification purposes, with no in-app data sharing.
Great question. There are a few things at play here, firstly the numbers we store are fully encrypted. If our database was breached or hijacked, they would face considerable hurdles trying to decrypt thousands of numbers one by one, which is highly time-consuming when they have no clue to whom each number belongs, and neither do we, for that matter.
Additionally, altering routing would serve little purpose other than to simply annoy a user. All messages sent using a Simvacy number within Whatsapp or Signal are protected by their E2E encryption. Simvacy is primarily used for verification purposes, with no in-app data sharing.
Secondly, to make things much more complex, we’ve added for additional security thousands of non-active numbers into the database mixed up with the encrypted active numbers.
No, to ensure you don’t fall victim to SIM jacking crimes. this method involves taking control of your mobile number and is used to bypass two-factor authentication, any account connected to your phone number is at risk. Commonly, once your number has been SIM swapped, the hacker may attempt to use it to change the passwords of your accounts, and gain access to anything from your email, to your bank account, and cryptocurrency trading apps.
Messaging apps are vulnerable!
Cybercriminals are targeting the mobile channel more aggressively than ever before, and app developers must take a proactive approach to app security to combat this new aggression. The number of mobile malware attacking users of mobile devices is increasing rapidly each year.
Signal
Even Signal, the relative newcomer in the messenger app space, is far from perfect. Whilst it purports to be a privacy beacon amongst more shadowy messengers, Signal still requires users to disclose personally identifiable information, notably your personal phone number. The fact that Signal, being a US-based IT service provider, is subject to the CLOUD Act only makes this privacy shortfall worse.
With two billion global active users, WhatsApp is the most popular instant messenger. However, its widely accepted weak privacy protection, which results from the service’s business model, exposes too many avoidable risks.
Facebook, the owner of WhatsApp, generates its revenue simply by selling targeted advertisements. Therefore, the more data it has, the more it has to sell, and the more “value” they add to other corporations who want to use it – all at your expense. It will come as no surprise, WhatsApp cannot be used without disclosing personally identifiable information.
Telegram
Telegram entered the messenger market four years after WhatsApp, way back in 2013. It neatly positioned itself and still does, as the privacy messenger because corporate interests do not influence it. But it’s a myth to say it’s a safe and secure messenger. Telegram’s technology stack and servers rely on cloud-based solutions spread over multiple different locations to prevent service interruptions by state authorities.
This is no doubt welcomed, but it still leaves your messages permanently stored on its server, where they could, in theory, be read by the service provider at any time. And we come back to the number one problem with all messenger apps; they need your personal mobile number to use it.
