Private preview. You're viewing a password-protected beta site for team and partners — not a public launch.

Halo Business · for teams & organizations

End-to-end encrypted, with a screening door.

Halo is private messaging for families, faith networks, sheriff's departments and law-enforcement associations, and small organizations — built on the same cryptography as Signal, with verified-contacts screening and quiet scam-pattern detection that protect your people without scolding them.

Request early access What makes Halo different

Born Between Generals, LLC secure communications platform

Two products, one mission: safer channels for people who cannot trust default messengers — whether that's a family group chat or a dissident reporting abuse. Separate codebases, separate threat models, shared engineering discipline.

Product 1 · In private beta

Halo

End-to-end encrypted messaging with a screening door — verified contacts in your inbox; everyone else waits in Screening until you decide.

  • Live in prototype E2EE + verified-contacts routing
  • Live in prototype Six-layer anti-scam stack
  • Live in prototype Family, faith, company, government contexts
  • Next Native iOS, Android, desktop apps
  • Next libsignal Double Ratchet on-device
  • Next SAML/OIDC SSO + SOC 2 pack for org buyers

For families, congregations, sheriff associations, and small orgs.

Product 2 · Lane 1 build underway

Conduit

High-assurance anonymous reporting and vetted Hero responders — compartmented so no single operator sees the whole case.

  • In development Anonymous reporter keypairs (no PII signup)
  • In development Triage → function-team routing
  • In development Hash-chained audit ledger
  • Planned Federated onion routing + transport obfuscation
  • Planned Multi-org consortium vetting interface
  • Planned Regional mini-HQ token shards (CH, IS, US)

For dissidents, abuse survivors, witnesses, and vetted journalists, lawyers, and clinicians serving as Heroes.

Conduit preview (team)

Shared platform capabilities (rolling out across both)

Audit & accountability

Append-only, hash-chained logs for privileged actions — exportable for independent verification.

Tokenized operators

Heroes and admins work under rotating tokens, not personal handles in the operational layer.

Trauma-informed UX

Systems state what they noticed; they never scold users or manufacture urgency.

Partner-grade preview gates

Password-protected Vercel previews for team review before public launch.

From the project lead

A short walkthrough — what Halo does, why we built it, and what's next.

Kristen Hall · Born Between Generals, LLC R&D

The problem

Four audiences with overlapping needs.

Families sending photos, schedules, and conversations through iMessage, WhatsApp, and SMS have no real privacy and no parental visibility. The scam landscape they face is increasingly targeted: grandparent scams, romance scams, fake-emergency money asks. Existing parental-control tools don't encrypt; existing encrypted messengers don't help parents.

Faith networks — churches, ministries, congregations — handle pastoral conversations, prayer requests, counseling, and confidential staff coordination over consumer messaging tools that weren't built for any of it. Clergy-confidentiality statutes apply; consumer messengers don't honor them.

Sheriff's departments and law-enforcement associations need private channels for sensitive cases, victim correspondence, and inter-agency coordination — without surrendering content to platforms whose policies they don't control. The same departments are often understaffed for the cybersecurity posture buyers expect of them.

Small organizations — nonprofits, family businesses, community groups — communicate over Slack, Teams, and email with no end-to-end encryption, no audit posture, and no control over what large platforms see, train on, or moderate.

Existing E2EE tools (Signal, WhatsApp, iMessage) lack admin controls, family hierarchy, parental visibility, and meaningful anti-scam protection. Existing anti-scam tools (Bark, Aura, Gabb) lack end-to-end encryption. No one has paired the two.

How it works

Three steps. No tutorial required.

1

Install Halo.

Halo runs in your web browser today. Native apps for iOS, Android, and desktop are next. Signing up takes about a minute. Your private keys are generated on your device, not ours — the cryptography is real before you ever send a message.

2

Verify your contacts.

Add the people you trust — family, your team, your congregation, your fellow officers. Their messages land in your inbox with a quiet green trust badge. Everyone else lands in your Screening folder, where you read at your own pace and decide who joins your conversation.

3

Send safer.

Write a message; it's encrypted end-to-end before it leaves your device. The server stores ciphertext and routing information — not your words. Anti-scam protection runs quietly in the background. You only see it when something deserves your attention, and even then, the decision is yours.

What makes Halo different

Six things working together that you won't find in iMessage, WhatsApp, or even Signal. Each one is the kind of thing you stop noticing once it's there — and miss the moment it isn't.

1

Strangers can't reach you uninvited.

People who aren't already in your contacts can't drop into your inbox. Their notes wait in a separate Screening folder until you choose to read them. Nothing is urgent. Nothing demands a response. You decide who joins your conversation.

2

Scam-pattern detection that doesn't shout.

Every message in Screening is checked for the fingerprints of common scams — urgency manipulation, fake authorities, money asks, credential theft, threats, romance lures, and suspicious links. Flagged messages display a calm note explaining what was detected. The system never tells you what to do; it tells you what it noticed. The choice belongs to you.

3

Geographic awareness, without paranoia.

Messages from accounts that signed up in regions associated with known scam operations get extra scrutiny. The signal flows to administrators for investigation; you just see the same calm screening interface. No country is demonized to your face. Real users travel and use VPNs, and Halo respects that.

4

Scam waves caught across the network.

When the same scam pattern hits multiple Halo users at once, the system recognizes the wave and warns each recipient — even if they've never seen it before. The defense scales with the community: your protection improves every time someone else gets the same message you did.

5

Trust scores you can actually read.

Every account has a 0-to-100 trust score derived from account age, verification level, contact graph, and prior reports. A green, yellow, or red dot tells you at a glance who you're hearing from. The numbers are visible; the reasoning is auditable; the score updates as the picture changes.

6

One-tap report, routed correctly.

Every message has a Block + Report button. One tap blocks the sender, moves the message out of view, and submits a report. Financial fraud routes to the FTC and FBI IC3. Child-safety patterns route to the NCMEC CyberTipline. Identity theft routes to identitytheft.gov. Reporting should be the easy choice, not a research project.

Where Halo fits

Halo's wedge isn't novel cryptography. The cryptography is the same as the best in the industry. The wedge is what surrounds the cryptography — screening, scam protection, and a product layer designed for families, faith networks, law enforcement, and small organizations.

Capability Signal WhatsApp iMessage Halo
End-to-end encrypted by default Apple-to-Apple only
Verified-contacts screening
Built-in scam-pattern detection Limited (forwarding indicators)
Parental controls / family hierarchy Limited
Org admin console + audit logs
Independent of a Big Tech parent Meta Apple
Compliance posture for SMB buyers Planned

Comparison reflects publicly documented features as of 2026. WhatsApp's forwarding indicators and Apple's Screen Time controls are real; neither is the same shape as Halo's screening folder + scam-pattern band.

Early pricing

Working numbers, not commitments. We're listening for what real families and real organizations actually need before we set a final price.

Family

$9.99 / month

or $99 / year

  • Up to 6 family members
  • Parental visibility and controls
  • Family group, opt-in location sharing
  • All anti-scam features included

Company (SMB)

$9 / user / month

5-seat minimum

  • Admin console + audit logs
  • Role-based permissions
  • Retention policies
  • SSO; SOC 2 documentation

Community license

Negotiated

Sheriff associations, dioceses, AF chapters

  • Flat-rate institutional pricing
  • Volume tiers for chapters and stations
  • Community-trained onboarding
  • Dedicated point of contact

If you have a specific need — a small church staff, a sheriff's department, a family with sensitive privacy concerns — we'd rather hear it than guess. Tell us.

What's working today

Halo's working web prototype runs end-to-end on a developer laptop. Verified properties from the most recent build:

  • Ciphertext only on disk. The message database contains no plaintext; encryption happens before storage and decryption only at the moment of read.
  • Verified-contacts routing. Messages from contacts land in the inbox; messages from anyone else land in the Screening folder, every time.
  • All six anti-scam mechanisms wired up — screening, scam-pattern scan, geographic awareness, scam-wave detection, trust score, and one-tap report.
  • Group chats with end-to-end encryption fan-out per recipient. Any signed-in user can create a group, name it, and add members. Photo attachments included — each photo encrypted to each recipient's key.
  • Encrypted photo attachments in 1:1 messages and group threads. JPEG / PNG / GIF / WebP up to 2MB. Photos from unverified screening senders aren't auto-rendered — they wait for approval first.
  • Family hierarchy with parental visibility. Parents can review their kids' inboxes and screening folders and approve or block on their behalf. Every parent-view writes an audit entry; kids can see when a parent looks. Built on a key-escrow design so parents never hold their kids' passwords.
  • Multi-tenant organizations across all four contexts — one Family group, one Government department (Pleasant Hill Sheriff's), one Company (Pleasant Hill Coffee Co.), and one Faith network (First Community Church) seeded. Owner / admin / member roles, org-scoped audit log, admin gating.
  • Self-serve registration with TOTP-based MFA. Visitors create an account in any of the four contexts and add an authenticator-app second factor from /settings. Production will add invite codes, email verification, and CAPTCHA.
  • Password change that re-keys the envelope. The password is the key to your private-key envelope, so changing it re-seals the envelope (and any family-key envelopes a parent holds for their kids) without losing access to a single message.
  • Encrypted backup + restore + import. A single passphrase-protected file holds your private key, contacts, group memberships, and decrypted messages. Portable; the passphrase is the only authority. The "Restore preview" view decrypts a backup read-only; the "Import" path actually creates a new working account from the backup on a fresh device, recovers the keypair, re-encrypts every message to the recovered public key, and signs you in.
  • Org admin console. Owner / admin / member roles, member invite + role editor + remove from inside the org dashboard, configurable retention policy with one-click "apply now," and org-scoped audit with CSV/JSON export.
  • Federated report routing. One-tap report categorizes the scam, picks the right authority set (FTC, FBI IC3, NCMEC for child-safety patterns, identitytheft.gov), and builds a payload schema that mirrors each agency's public report form. Every payload lands in the audit chain so reviewers can independently inspect what would be sent.
  • Account deletion via cryptographic erasure. Deleting your account destroys your private-key envelope. Messages still on disk that were encrypted to you become mathematically unreadable. The cryptography does the erasure on top of the database delete.
  • Hash-chained audit log with CSV/JSON export — admin-wide and org-scoped. Tampering breaks the chain and is detectable; the export carries the chain hash for independent verification.
  • Account-safety alerts for new-device logins, failed-auth thresholds, message volume, geographic flags, and scam-wave matches.
  • Calm, trauma-informed UI voice. Anti-scam features state what they noticed; they never scold the recipient or pressure a decision.

Platform roadmap

Halo and Conduit ship on independent schedules. This is what we're building toward across the platform.

Halo — consumer & organizational messaging

The prototype proves the architecture. The next stretch of work moves from prototype to production:

  • Native mobile and desktop apps. iOS, Android, macOS, Windows, Linux — with secure multi-device sync via Sesame.
  • Real libsignal integration. The same library that powers Signal and WhatsApp, running on your device. Forward secrecy and post-compromise security via the Double Ratchet algorithm. Your private keys never leave your phone or laptop.
  • Admin console: SSO + SOC 2 documentation. Owner / admin / member roles, member invite + role editor + remove, retention policy with one-click apply, org-scoped audit + CSV/JSON export are all in the prototype. Phase 1 adds SAML/OIDC SSO and the SOC 2 Type II documentation pack organizational buyers expect.
  • Real partner submission for federated reports. The prototype routes scam reports to the right authority (FTC, FBI IC3, NCMEC CyberTipline, identitytheft.gov) and builds a payload matching each agency's public form structure. Phase 1 adds credentialed submission via the FTC Partner Portal, NCMEC ICAC API, and IC3 partner channel.
  • Machine-learning scam classification running on-device after decryption — same defense, no plaintext on the server.
  • Compliance work — SOC 2 Type II for the Company license, COPPA-compliant flows for Family.
  • Pilot deployments with one family cohort, one congregation, one sheriff's department, and one small organization.

Conduit — high-risk reporting (Lane 1 first)

  • v0 alpha (now): Reporter submit, Triage routing, function-team queues, encrypted case channel, audit ledger prototype.
  • v0 beta: Consortium vetting UI, burn protocol, warrant canaries, plausible-deniability client modes.
  • v1.0: Mixnet channel, file attachments, push (where safe), Linux desktop client.
  • v1.1+: Mesh/offline, inbound truth delivery, cyber-threat sandbox (Lanes 2–3 per spec).

More details available on request to qualified reviewers. Conduit documentation suite in private repository.

Request early access

Halo's private beta is forming. If you're a family looking for safer messaging, a faith leader thinking about pastoral confidentiality at scale, an officer or association needing private channels for sensitive cases, or a small organization done with Big Tech's lens on your work — we'd like to hear from you.

We're not pitching. We're listening for what's missing, what's been tried, and what would actually help. Conversations are confidential by default.

Request early access

Halo is being developed inside Born Between Generals, LLC R&D.