Our Infrastructure

Privacy claims are easy to make. This page explains exactly who hosts your data, what software runs it, and why we made each choice — so you can evaluate the stack yourself rather than taking our word for it.

Hosting: Flokinet

All customer instances are hosted through Flokinet, a hosting provider based in Iceland and Finland with a specific focus on privacy-sensitive workloads. Flokinet serves journalists, activists, legal professionals, and organizations for whom confidentiality is non-negotiable. They have a documented track record of resisting abusive legal demands and have been recognized by digital rights organizations for their commitment to customer privacy.

Our servers are located in Finland. Finland is a member of the European Union and subject to the General Data Protection Regulation (GDPR) — one of the most comprehensive data protection frameworks in the world. GDPR establishes strict requirements for how personal data may be collected, stored, and disclosed, including meaningful limits on government access.

Flokinet is not affiliated with any intelligence-sharing alliance (including the Five Eyes, Nine Eyes, or Fourteen Eyes). This matters in practice: law enforcement requests must go through formal legal channels, and Flokinet has publicly stated they scrutinize and, where permitted, contest such requests.

Redoubt Systems is a US-based company. Legal requests for customer data would typically be routed through US legal process — and due to end-to-end encryption, we cannot provide access to message content regardless of the source of the request.

Protocol: Matrix / Synapse

Each customer instance runs Synapse, the reference server implementation of the Matrix protocol. Matrix is an open standard for real-time communication with end-to-end encryption built in. The cryptographic implementation — the Olm and Megolm ratchets — is based on the Double Ratchet algorithm, the same approach used by Signal.

Being open-source and open-standard means the protocol and server software have been reviewed by independent security researchers. There is no proprietary black box. If you want to verify the cryptography, the source code is publicly available.

We disable federation on all instances. Your instance communicates only with your own users — there is no cross-tenant data sharing and no connection to the broader Matrix network.

Client: Element Web

Your web-based chat interface is Element Web, the reference client for Matrix, built by Element (formerly New Vector). Element Web is open-source, actively maintained, and the most widely used and audited Matrix client available.

We deploy Element Web with Redoubt branding and a locked configuration: the homeserver is set to your instance and cannot be changed by users. We also disable open registration — only your instance administrator can create accounts. This keeps your environment fully controlled.

What This Means in Practice

• We cannot read your messages. End-to-end encryption is on by default. Messages are encrypted on your device and can only be decrypted by intended recipients.
• Your data does not leave your instance. There is no federation, no analytics pipeline, no telemetry sent to Redoubt or any third party.
• Your instance is isolated. Dedicated containers with private networking ensure complete separation from other customers.
• Legal requests yield limited data. If compelled, we can provide account metadata (email, username, connection timestamps) — not message content, which we cannot access.
• The software is auditable. Matrix, Synapse, and Element Web are all open-source. Our infrastructure choices are documented here, not hidden.

Questions?

If you have specific questions about our technical setup or security practices, email us at contact@redoubt.systems.