The only secure messenger
with built-in cyber intelligence.
Start encrypted conversations instantly — and detect breaches and risks directly in your chat.
No phone number. No email. No identity required.
Available on
Built for security teams, journalists, and high-risk communications worldwide.
Get started in 30 seconds
No phone number. No email. No sign-up form. Watch how to create your first anonymous Hat identity and start a secure conversation.
Talk freely. In any language.
City of Hats translates every chat in 50+ languages, instantly and end-to-end encrypted. No tabs, no copy-paste, no third-party translation servers. Type in your language — your contacts read in theirs.
- 50+ languages with automatic detection on every message
- End-to-end encrypted — translations never leave the secure channel
- One-tap See original toggle on every translated bubble
- Voice notes auto-transcribed and translated in the same flow
- Works in 1:1 channels, group channels, Dead Drops and EchoDrops
Secure messaging in seconds
Create a Hat
Pick a name — no phone number, no email, no personal information required. Your Hat is your anonymous identity.
Start a Conversation
Share your Hat code with anyone. Messages are end-to-end encrypted with Double Ratchet + post-quantum key exchange.
Call Securely
Encrypted voice and video calls — peer-to-peer, no metadata, no recordings. Something most secure messengers still cannot do.
Add Intelligence
Type "check email you@example.com" to run a security check — results arrive as a self-destructing secure report.
Everything you need for private communication
Anonymous Hat Identities
Create disposable or permanent identities. No phone number. No email. Switch hats for different contexts.
Military-Grade Encryption
Double Ratchet protocol with post-quantum CRYSTALS-Kyber key exchange. AES-256-GCM for every message.
Encrypted Voice & Video
Peer-to-peer encrypted audio and video calls. No metadata. No recordings. No logs.
Dead Drops
Send self-destructing messages that burn after reading. Set time locks, retrieval limits, and PIN protection.
GhostFrame
Hide encrypted messages inside ordinary images using steganography. The image looks normal — only City of Hats can decode it.
EchoDrop
Voice-passphrase triggered message retrieval. Speak the secret phrase to decrypt — all recognition happens on-device.
CHECK Intelligence Bot
Type "check email", "check phone", "check domain" inside the chat. Get instant security reports delivered as self-destructing secure reports.
Warrant Canary
Cryptographic transparency. A public, signed proof that no government data requests have been received.
Hide messages inside ordinary images.
GhostFrame uses steganography to embed encrypted messages within photos. Share a normal-looking image that secretly carries your confidential content — invisible to anyone who does not have the key.
- Embed text or data inside any photo — the image looks completely normal
- PIN-protected decoding — only the intended recipient can extract the message
- Invisible to detection — no visual difference between original and encoded image
- Steganographic encoding — data is woven into pixel values, not metadata
- Share anywhere — send the image through any channel, only City of Hats can decode it
Speak to unlock your messages.
EchoDrop is voice-passphrase message retrieval. Record a secret phrase when you send. The recipient must speak it back to decrypt. All voice recognition happens entirely on-device.
- Voice-passphrase triggered decryption — no passwords to type
- On-device voice recognition — nothing leaves the phone
- End-to-end encrypted at rest and in transit
- Set expiration timers and maximum retrieval attempts
- No transcript, no recording stored — zero-knowledge by design
Messages that burn after reading.
Dead Drops are self-destructing encrypted messages. Send sensitive information that disappears permanently after retrieval — no copies, no cache, no trace.
- Self-destructs after a single view — content is permanently erased
- Optional PIN protection — only the intended recipient can open it
- Time-locked delivery — set when the message becomes available
- Anonymous retrieval — no account required to receive a Dead Drop
- Server-side encrypted — even we cannot read the contents
Private groups, same security.
Build encrypted group conversations with your team or your circle. Same end-to-end encryption as 1:1 channels — every member ratchets independently. No group admin keys, no metadata leaks, no cloud backups.
- End-to-end encrypted multi-member channels
- Per-member double ratchet — Signal-style forward secrecy
- Invite-only via QR code or Hat ID — no phone numbers
- Every Security Mode works inside groups (View Once, Recall, Sealed File, etc.)
- Auto-Translate built in for multilingual teams
Controlled sharing, anywhere.
Drop a blurred preview into Facebook, iMessage, WhatsApp — anywhere. Recipients see only what you want them to. The full reveal stays inside City of Hats: encrypted, expiring, optionally PIN-locked or paid.
- Blur the whole image, reveal a peek, or hide a single spot
- Set expiry from 1 hour to never — your call
- Optional PIN, view-once, or pay-to-unlock with Stripe
- Branded social card with your custom on-image text
- Watermark survives Facebook / iMessage / Telegram crops
9 security controls no other messenger offers
Every message and file you send comes with Security Modes — granular controls that keep the sender in charge.
| # | Mode | Description | |
|---|---|---|---|
| 1 | View Once | Self-destructs after a single view | |
| 2 | Recall | Pull it back anytime, even after delivery | |
| 3 | Sealed File | PIN-locked; share the code on your terms | |
| 4 | Unlock Content | Recipient pays to access | |
| 5 | Verified Eyes Only | Requires biometric face liveness verification | |
| 6 | GeoLock | Only viewable from an approved location | |
| 7 | Voice Lock | Recipient must pass voice verification | |
| 8 | Hold to Reveal | Must physically hold the screen to read | |
| 9 | Certified Send | Opens in a Protected Viewer with cryptographic proof of who opened it and when |
View Once
Self-destructs after a single view
Recall
Pull it back anytime, even after delivery
Sealed File
PIN-locked; share the code on your terms
Unlock Content
Recipient pays to access
Verified Eyes Only
Requires biometric face liveness verification
GeoLock
Only viewable from an approved location
Voice Lock
Recipient must pass voice verification
Hold to Reveal
Must physically hold the screen to read
Certified Send
Opens in a Protected Viewer with cryptographic proof of who opened it and when
Cyber intelligence inside your conversations
No dashboard. No separate login. Just type a command in the chat.
What you get back
- Risk scoring and exposure analysis
- Credential detection across security databases
- Carrier verification and SIM swap detection
- IP reputation with VPN/proxy/Tor detection
- Results delivered as self-destructing secure reports
Secure communication for sensitive business conversations
Financial Services
Banks, investors, and advisors sharing confidential documents and market-sensitive communications.
Legal & Compliance
Law firms protecting attorney-client privilege. Compliance teams handling sensitive investigations.
Healthcare
HIPAA-sensitive communications between providers, patients, and insurers.
Journalism & Sources
Reporters protecting sources with anonymous identities and burn-after-read messaging.
Encryption that protects you today and tomorrow
Double Ratchet Protocol
Forward secrecy — every message uses a unique key. Compromise one, the rest stay safe.
Post-Quantum Key Exchange
CRYSTALS-Kyber hybrid key exchange protects against future quantum computing threats.
AES-256-GCM
Military-grade symmetric encryption for every message, file, and call.
Zero-Knowledge Architecture
We cannot read your messages. No cloud backups. No metadata harvesting. No logs.
Start a secure conversation now
No sign-up required. No personal information needed. Just pick a Hat and start chatting.
Free forever. Premium features available.
Available on