Why BOSkom?

Why conventional cloud services are problematic

Authorities and emergency service organisations are subject to special requirements for data protection and information security

CLOUD Act & Third-Country Access

WhatsApp (Meta), Telegram and Signal are subject to the CLOUD Act. US authorities can access stored data – even without the knowledge of those affected or the organisation.

EU Servers Alone Are Not Enough

The physical server location alone does not guarantee data sovereignty. What matters beyond that are organisation-wide policies, automated structures and complete data isolation at database level.

Metadata Analysis

Even with encrypted content, metadata is collected: who communicates with whom, when, how often and from which location. This data has high informational value.

Missing Data Isolation at Organisation Level

Conventional messengers are not designed for organisation-wide data isolation. Official and private communication takes place on the same devices – without technical separation at database level.

No Audit Logging

Without traceable logging, it cannot be proven who accessed which data and when. This is a compliance risk for authorities.

No Device Access Protection

Consumer messengers offer no way to enforce biometric unlock organisation-wide. Each member decides for themselves – a security risk with lost devices.

Our Security Architecture

BOSkom was designed from the ground up for the requirements of emergency service organisations

German Servers

All data is stored and processed exclusively on servers in Germany. German data protection law applies.

Tenant Separation

Complete data isolation between organisations through Row Level Security at database level. No cross-organisational access possible.

TLS 1.3 Transport Encryption

All data transmission uses TLS 1.3. No unencrypted communication between app, web interface and server.

Encrypted Storage

Data is stored encrypted (Encryption at Rest). Passwords are stored exclusively as cryptographic hashes.

Roles & Permissions

Three-tier role model (User, Manager, Admin) with graduated permissions. Access based on the principle of least privilege.

No Third-Country Transfers

No data sharing with third countries or third-party providers. No tracking services, no advertising, no data sharing with third parties.

Biometric Access Control

Administrators can enforce biometric app unlock organisation-wide. BOSkom does not store any biometric data – verification occurs exclusively on the device.

Audit Trail

Complete, tamper-proof logging of all system activities. SHA-256 hash chain for verifiable integrity.

Device Security at Organisation Level

With BOSkom, the organisation – not the individual member – determines which security policies apply to every device. Administrators can mandate biometric app unlock via fingerprint or Face ID.

Global security policies set by administrators
Enforceable biometric app unlock
Cannot be disabled by individual members
Uses native device security (Face ID, fingerprint)
No biometric data stored by BOSkom

BOSkom vs. Consumer Messengers

Feature

BOSkom

WhatsApp, Signal & Co.

Admin enforces app lock

User cannot bypass protection

Organisation-wide policy

No biometric data with provider

Biometric data remains exclusively on the end device.

Full control over access

With BOSkom, the organization decides who gets access to the app – not the individual member. No self-registration, no uncontrolled invitations. The admin retains full authority at all times.

Admin creates users and generates personal invitation codes
No self-registration – only invited persons receive access
Device connections revocable by admin at any time
Connection status in the app shows managed access
Complete access revocable instantly – without device access

Secure onboarding flow

Admin creates user

Invitation code generated

Member activates app

Connected & managed

Access revocable at any time

The admin can disconnect devices instantly – without physical access to the device. Former members lose access immediately.