Location-Locked
Messages.
Lock encrypted messages to a specific place. Recipients can only decrypt and read when they are physically within the designated area. Geography becomes your encryption key.
Set the Lock Zone
Drop a pin, set a radius, and send. The message stays encrypted until the recipient enters the geofenced area.
Locked Until
You Arrive
When a GeoLocked message arrives, the recipient sees it's locked to a location. The message remains encrypted and unreadable until their device confirms they're within the designated zone.
- Location and radius displayed on a map so the recipient knows where to go
- Message stays fully encrypted until GPS confirms position inside the zone
- Once in range, decryption happens instantly — no extra steps needed
Encryption Meets Geography
GeoLock adds a physical dimension to your encrypted messages. Only the right person, in the right place, can read them.
Geofenced Decryption
Messages are locked to GPS coordinates with a configurable radius. The decryption key only becomes available when the recipient's device is inside the boundary.
GEOFENCEEnd-to-End Encrypted
The message content is encrypted with a location-bound key. Even with access to the server, the message cannot be read without being in the right place.
ENCRYPTEDNo Location Tracking
Location verification happens entirely on the recipient's device. City of Hats servers never receive, store, or process any GPS coordinates.
PRIVACYCustom Radius Control
Set the unlock zone from a tight perimeter of a few meters to a broad area of several kilometers. You control exactly how precise the location requirement is.
CONTROLHow GeoLock Works
Four steps from composition to location-gated decryption.
Compose Message
Write your message as usual. Add any attachments — text, files, images. GeoLock works with all message types.
Set Location & Radius
Drop a pin on the map and set the unlock radius. This defines the geofence boundary where the message can be decrypted.
Send Locked
The message is encrypted with location-bound parameters and sent. The recipient receives a locked message with the target zone visible.
Arrive & Unlock
When the recipient enters the geofenced area, their device verifies position locally and the message decrypts automatically.
When to Use GeoLock
Any time sensitive information should only be accessible at a specific physical location.
Secure Office Communications
Lock confidential documents to the office building. Employees can only read them when on-premises — not from home, not from a cafe.
Source Meetings
Journalists can send meeting details locked to the rendezvous point. The source only sees the information when they arrive at the location.
Legal Proceedings
Lock sensitive case files to the courthouse or law office. Documents remain encrypted outside the building perimeter.
Healthcare Facilities
Patient information locked to the hospital campus. Medical staff access records only when inside the facility — zero exposure outside.
Campus & Education
Exam materials locked to the testing center. Students can only access content when physically present in the exam room.
Field Research
Lock research data to the field site. Collaborators access findings only when at the designated research location.
What We Enforce
GeoLock is built on device-local verification and zero-knowledge architecture.
✓ Enforced by Architecture
- ✓ Location verification entirely on recipient's device
- ✓ End-to-end encrypted message content
- ✓ Geofence parameters encrypted alongside message
- ✓ No server-side GPS data processing
- ✓ Instant decryption when position is verified
- ✓ Works with all message and attachment types
✗ Never Allowed
- ✗ No GPS coordinates sent to servers
- ✗ No location history stored or logged
- ✗ No remote decryption outside the geofence
- ✗ No third-party location services used
- ✗ No location data shared with sender after delivery