Roadmap

This page describes the direction of travel for the SemaFore platform. Items are grouped by theme, not by quarter. Dates are not published. When capability ships, it moves to the Changelog.

Nothing on this page is a contractual commitment. If a specific capability is a requirement for your organisation, contact us directly.

In active development

These items are in the current engineering cycle and are expected to land in the near term.

Message delivery indicators Sent, delivered, and read states on private messages, displayed as tick indicators in the mobile conversation view. Recipients confirm delivery automatically on receipt; read state confirms on thread open. No message content is included in receipt events.

Organisational analytics An analytics dashboard in the admin portal covering message activity, member engagement, and platform usage over time. All metrics are aggregate and metadata-only — no message content is surfaced.

Mobile self-service signup Users who discover SemaFore via the App Store or Google Play can create their organisation without a desktop browser. The mobile app detects an unregistered phone number and guides the user through organisation setup. Phone verification carries over — no re-entry required.

Planned

These items are on the backlog with sufficient design clarity to name. Sequencing is subject to change.

Paid tier A paid subscription tier with higher member limits and additional administrative controls. The free tier (up to 5 approved members) remains available. Pricing will be published when the tier is launched.

Message expiry Organisation administrators will be able to set a retention policy that automatically removes messages after a defined period. Applies uniformly across all conversations within the organisation. Useful for compliance environments where indefinite message retention creates risk.

Group message send on mobile Completing the group messaging experience on iOS and Android. Group messages are encrypted per-device using the same Double Ratchet fan-out model as private messages — no shared group key.

SSO / SAML Single sign-on integration for organisations with an existing identity provider. Authentication via the SemaFore OTP flow remains available for organisations without SSO. SAML 2.0 is the initial target; OIDC to follow.

API access A documented REST API for integrating SemaFore with enterprise tooling — SIEM ingestion, HR provisioning, and custom admin workflows. Scope and authentication model to be confirmed ahead of release.

Government and defence tier

The following capabilities are planned specifically for government, defence, and regulated public-sector customers. They are not part of the standard commercial product.

Availability is by arrangement. If you are evaluating SemaFore for a government or classified-adjacent deployment, contact us at hello@attomus.com to discuss timelines and procurement.

Device attestation Integration with platform integrity APIs — Google Play Integrity on Android and Apple DeviceCheck / App Attest on iOS. Attestation confirms that a message was sent from an unmodified, genuine installation of the SemaFore app on an uncompromised device. The server can be configured to reject messages from devices that fail attestation. Intended for environments where supply-chain integrity of endpoints is a requirement.

On-premise deployment A self-hosted deployment option for organisations that require all data to remain on infrastructure under their direct control. Because the SemaFore server is plaintext-blind by design — it routes ciphertext and never holds decryption keys — the on-premise build does not require any architectural change to the security model. It requires operational support from Attomus or a designated partner. Suitable for air-gapped and classified network deployments where third-party infrastructure is not permissible regardless of encryption assurances.

Extended audit and compliance Configurable audit log retention beyond the standard 12-month period. Structured export formats aligned to DSAR and FOI workflows. Optional integration with government-approved SIEM and log management platforms.