Get the App
Secure Drop
Anonymous · Encrypted · No login required
Your message is sealed and anonymous. We cannot identify you. No account or login is needed.
Your message
Max 3 files, 10 MB each
Secure Channel
Anonymous · Bidirectional · Encrypted
Start an anonymous conversation. You'll receive a thread code to check for replies later.
Your message
Max 3 files, 10 MB each
Thread Code
Enter your thread code above to check for replies.
GeoLock

Location-Locked
Messages.

Lock encrypted messages to a specific place. Recipients can only decrypt and read when they are physically within the designated area. Geography becomes your encryption key.

Set the Lock Zone

Drop a pin, set a radius, and send. The message stays encrypted until the recipient enters the geofenced area.

City of Hats GeoLock Message Setup
City of Hats GeoLock Message Received

Locked Until
You Arrive

When a GeoLocked message arrives, the recipient sees it's locked to a location. The message remains encrypted and unreadable until their device confirms they're within the designated zone.

  • Location and radius displayed on a map so the recipient knows where to go
  • Message stays fully encrypted until GPS confirms position inside the zone
  • Once in range, decryption happens instantly — no extra steps needed

Encryption Meets Geography

GeoLock adds a physical dimension to your encrypted messages. Only the right person, in the right place, can read them.

Geofenced Decryption

Messages are locked to GPS coordinates with a configurable radius. The decryption key only becomes available when the recipient's device is inside the boundary.

GEOFENCE

End-to-End Encrypted

The message content is encrypted with a location-bound key. Even with access to the server, the message cannot be read without being in the right place.

ENCRYPTED

No Location Tracking

Location verification happens entirely on the recipient's device. City of Hats servers never receive, store, or process any GPS coordinates.

PRIVACY

Custom Radius Control

Set the unlock zone from a tight perimeter of a few meters to a broad area of several kilometers. You control exactly how precise the location requirement is.

CONTROL

How GeoLock Works

Four steps from composition to location-gated decryption.

1

Compose Message

Write your message as usual. Add any attachments — text, files, images. GeoLock works with all message types.

2

Set Location & Radius

Drop a pin on the map and set the unlock radius. This defines the geofence boundary where the message can be decrypted.

3

Send Locked

The message is encrypted with location-bound parameters and sent. The recipient receives a locked message with the target zone visible.

4

Arrive & Unlock

When the recipient enters the geofenced area, their device verifies position locally and the message decrypts automatically.

Compose
Write your message
Pin Location
Drop pin & set radius
Locked
Encrypted in transit
Unlock
Decrypt on arrival

When to Use GeoLock

Any time sensitive information should only be accessible at a specific physical location.

Secure Office Communications

Lock confidential documents to the office building. Employees can only read them when on-premises — not from home, not from a cafe.

Source Meetings

Journalists can send meeting details locked to the rendezvous point. The source only sees the information when they arrive at the location.

Legal Proceedings

Lock sensitive case files to the courthouse or law office. Documents remain encrypted outside the building perimeter.

Healthcare Facilities

Patient information locked to the hospital campus. Medical staff access records only when inside the facility — zero exposure outside.

Campus & Education

Exam materials locked to the testing center. Students can only access content when physically present in the exam room.

Field Research

Lock research data to the field site. Collaborators access findings only when at the designated research location.

What We Enforce

GeoLock is built on device-local verification and zero-knowledge architecture.

Enforced by Architecture

  • Location verification entirely on recipient's device
  • End-to-end encrypted message content
  • Geofence parameters encrypted alongside message
  • No server-side GPS data processing
  • Instant decryption when position is verified
  • Works with all message and attachment types

Never Allowed

  • No GPS coordinates sent to servers
  • No location history stored or logged
  • No remote decryption outside the geofence
  • No third-party location services used
  • No location data shared with sender after delivery