Vol. 01 · No. 02
Summer 2026
The Founding Ten · now open Half price for two years
For UK charities & care providers

WhatsApp, on the record.

Your teams already run on WhatsApp. We move those conversations onto a number your organisation owns – same app, nothing to install, nothing to learn – where every message is captured to a UK-hosted archive and answerable the day a regulator, a relative or a tribunal asks.

Book a free risk audit See the founding offer
30-minute call · No pitch deck · We'll say if we're not the fit
Official WhatsApp Business API UK data residency Disclosed, never covert Live in 14 days
PART 01 · THE EXPOSURE
The conversation we keep avoiding

Your charity is already having the conversations. None of them are governed.

WhatsApp lives in your care homes, your frontline teams, your fundraising threads, your trustee chat. Your DPO knows. Your IT director has tried to stop it. The conversations happen anyway – just outside everything you bought to keep the organisation safe.

Then one morning it surfaces. A solicitor's letter asks for "all WhatsApp messages concerning my mother". A safeguarding review needs a thread that lives on the personal phone of someone who left in March. An inspector asks how handover decisions are recorded, and the only honest answer is "on people's own phones".

You can spend another year fighting the culture. Or you can govern the channel your people refuse to give up.

1 month
The statutory clock on a Subject Access Request. It starts the day the letter lands, whether or not you can search WhatsApp.
UK GDPR · Art. 12(3)
Reg 17
The CQC's good-governance rule: accurate, complete and contemporaneous records. Group chats about care are records.
Health & Social Care Act regs · care providers
Zero
Messages you can reliably produce from a leaver's personal phone once they walk out the door.
Ask your last three leavers
PART 02 · THE CHOICE
The usual three options

Three doors everyone tries. None of them hold.

Door 01 · Ban it

Write the policy. Send the memo.

The chats don't stop; they go quiet. Risk you could at least see becomes risk you can't, and the next incident arrives with "and they knew" attached to it.

Verdict · The risk goes dark
Door 02 · Replace it

Roll out the approved app.

Teams, Slack, a "secure messenger". Adoption lasts a fortnight, the night shift never moves, the families never join. Now you run two channels: one official and empty, one real and invisible.

Verdict · Two channels, one dark
Door 03 · Ignore it

Hope the letter never comes.

The cheapest option, right up until the morning it isn't. This strategy ends with a Subject Access Request, a tribunal order or an inspection finding – and it picks the date, not you.

Verdict · Works until it doesn't
The fourth door

Don't fight WhatsApp. Govern it.

Keep the app every member of staff, every volunteer and every family already uses. Move the conversations onto a number the charity owns. Capture everything, disclose everything, and be able to answer anything. Same habit, new ownership.

The principle behind every feature we ship
PART 03 · THE MECHANISM
How it works

Four steps. Then it just runs.

STEP 01 · DAY ONE

Stand up a governed channel

Governed WhatsApp groups run on a Business API number your charity owns. The same number keeps normal one-to-one staff chat via WhatsApp Coexistence.

STEP 02 · WEEK ONE

Bring your people across

We migrate your groups, send the invites and supply the staff and family comms. Membership is controlled by API: one click in, instant removal when someone leaves.

STEP 03 · ALWAYS ON

Every message captured

Each message flows through the Business API into your UK-hosted, tamper-evident archive in real time. Disclosed to members, never covert.

STEP 04 · THE DAY IT MATTERS

Search, hold, answer

Subject Access Requests, safeguarding evidence, retention and litigation holds – all answered from one console, in hours not weeks.

Contract to first governed group: fourteen days.
We do the heavy lifting · Your staff change nothing
Start the fourteen days
PART 04 · WHAT'S IN THE BOX
What's in the box

Built for the people who have to answer for it.

001 · Channel

A number the charity owns

Groups run on your organisation's WhatsApp Business API number, not a volunteer's personal phone. The channel survives staff churn, phone upgrades and awkward exits.

002 · Membership

Joiners in, leavers out, instantly

Add and remove members by API. When someone leaves, they're out of every governed group before they reach the car park. No more "who still has access to that chat".

003 · Archive

Every message, kept as evidence

Captured through the Business API into a UK-region, tamper-evident store. Indexed, retained to policy, exportable to your compliance stack for eDiscovery.

004 · Respond

SARs answered in an afternoon

Search by data subject across every governed channel. Redact, package, deliver inside the statutory month. A workflow built around ICO guidance, for charity DPOs.

005 · Preserve

Holds that survive deletion

Retention rules per channel, legal-hold flags that outlive delete attempts, and a trustee-ready evidence trail for safeguarding reviews and disputes.

006 · Protect

Keys you hold, not us

Bring your own encryption keys via Azure Key Vault. Revoke the key and the archive is cryptographically destroyed. You stay in control.

PART 05 · THE FOUNDING OFFER
Ten places · opened June 2026

We're building this with ten organisations. Be one of them.

We're a young company with a strong opinion and a working product. We won't show you logos we don't have. What we need now is ten organisations who live this problem every day – and we're paying properly for the privilege.

Founding partners get the product at half price, the founders on a first-name basis, and a real say in what gets built next. In return we ask for the one thing money can't buy at this stage: your honest, public word that it works.

Every founding place includes
  • Half price for two years, then today's list price locked for life
  • White-glove setup: Business API onboarding and migration of every group, done for you
  • The trustee pack on day one: DPIA template, privacy notices, staff and family comms, board briefing
  • A named line to the founders and a vote on the roadmap
  • In exchange: a reference call and a case study, once we've earned them
Guarantee · In the contract

The Answerable Guarantee

If a Subject Access Request touches your governed channels and you can't produce the WhatsApp side within one working day, our team does it with you, free. If we still can't, we refund your year. The product has one job; this is us betting on it.

Exit · In the contract

The no-hostage clause

Leave whenever you like. Full export in open formats within fourteen days, a certificate of deletion, no exit fees. If we're not earning the renewal, we shouldn't have it.

Claim a founding place
30-minute call · No pitch deck · We'll say if we're not the fit
PART 06 · THE NUMBERS
Pricing

Pricing built for charities and care providers. No mystery line items.

Every number here is the number you pay. No platform fees, no inflated seat counts, no setup hidden in the small print. You pay for staff seats; everyone you serve joins free. Annual billing saves around two months on Foundation and Governance, onboarding is on us, and founding places take half off both – Enterprise founding terms are agreed in conversation.

The fair bit
You only ever pay for staff seats. Volunteers, families and the people you support join governed groups free, always.
No per-message fees from us. No per-participant creep. Widening who you include never widens the bill.
Tier 01 Foundation
Foundation
A single care home, centre or small charity
Founding rate · The Founding Ten
£199 £99 / month
Founding £990 / yr · List £1,990
Works out around 57p per staff member per week
  • Up to 40 staff seats
  • Unlimited volunteers, families & residents
  • Up to 15 governed groups
  • UK-hosted archive, audit logs & retention
  • 2 Subject Access Requests / year included
  • Onboarding & group migration included (annual plans)
  • Email support, 48-hour response
Start with Foundation
Tier 02 Most chosen
Governance
Growing, multi-site organisations
Founding rate · The Founding Ten
£599 £299 / month
Founding £2,990 / yr · List £5,990
  • Up to 250 staff seats
  • Unlimited volunteers, families & residents
  • Unlimited governed groups
  • Compliance-stack export for eDiscovery
  • 15 Subject Access Requests / year included
  • Customer-managed encryption keys
  • Quarterly compliance reports
  • Phone support, next-day response
Choose Governance
Tier 03 Enterprise
Enterprise
Large, multi-site care providers
Founding terms · By conversation
From £1,250 / month
From £15,000 / yr · custom
  • Unlimited staff seats & groups
  • Unlimited volunteers, families & residents
  • Unlimited Subject Access Requests
  • Litigation hold & advanced retention
  • Customer-managed keys & data-residency controls
  • Bespoke integrations (care management, HR, M365)
  • Named success lead & SLA with credits
  • Onboarding & migration across every site included
Talk to us
The safety net Every tier carries both contract clauses from the founding offer: the Answerable Guarantee – the WhatsApp side of a SAR produced within a working day, or we work it with you free and refund your year if we still can't – and the no-hostage clause. The risk of trying this sits with us.
Setup & onboarding Included on every annual plan. We run the WhatsApp Business API setup and migrate your existing groups across. No separate fee, ever.
If you need more Extra Subject Access Requests beyond your allowance are £150 each (Enterprise includes unlimited). The Answerable Guarantee applies to every SAR, included or not. Optional extra training is £500 per half-day.
The honest anchor A single contested SAR or tribunal disclosure exercise routinely eats more staff time than a year of Governance costs. Price this against one bad month, not against zero.
PART 07 · READ BEFORE BUYING ANYTHING
Read this before buying anything in this category

What we won't promise. And nobody honest can.

We won't · 01

Read personal phones.

Nobody can, lawfully. A vendor who says otherwise is selling you a data breach with a dashboard. Governance starts where ownership starts: on a number the charity controls.

We won't · 02

Absorb your existing groups.

The official API can't join groups it didn't create. We migrate you forward instead, with the rollout plan, invites and policy templates to make the switch stick.

We won't · 03

Monitor anyone covertly.

Every governed group is disclosed to its members, with the wording supplied by us. Disclosure is what makes the archive usable as evidence and your position defensible.

We won't · 04

Claim "zero knowledge".

Governance and zero knowledge are mutually exclusive. We re-encrypt at rest under keys you hold, and we say out loud what that does and doesn't mean.

If another vendor promises any of the above, ask them to put it in the contract. We put ours in writing two sections up.
PART 08 · SECURITY
Security & data protection

Built the way a charity DPO would design it.

We operate to the standards your trustees expect, and a few they don't yet ask about. Every claim on this page is independently auditable, and where we're still earning a certificate, we say so.

01 · Standards

Designed to ISO 27001

Information security mapped to ISO 27001:2022 controls from day one. Independent certification on the roadmap.

02 · Government

Cyber Essentials path

Targeting certification under the UK NCSC scheme. Increasingly expected by funders and public sector partners.

03 · Residency

UK data residency

All data stored in UK-region Microsoft Azure. The only exceptions – Meta's WhatsApp API and Stripe billing – are disclosed in our sub-processor list.

04 · Keys

Customer-managed keys

Hold your own encryption keys via Azure Key Vault. Revocation cryptographically destroys your data.

05 · Privacy

GDPR by design

DPIA templates, Article 30 records, lawful basis register. Built in, not bolted on.

06 · Transparency

Disclosed capture only

No covert monitoring. Members are in a charity-owned group and told it is governed. Lawful and ethical by default.

PART 09 · QUESTIONS
Frequently asked

Questions worth asking.

Yes. Governed groups run on the official WhatsApp Business API through a Meta-approved Business Solution Provider (Microsoft Azure Communication Services), on a number your charity controls. Members are in a group your organisation owns and are told it is governed. That is fully within WhatsApp's terms and meets GDPR transparency requirements. We do not tap, scrape or covertly join anyone's existing personal groups, which is neither possible through the API nor permitted.
In a governed group, your charity's Business API endpoint is a legitimate participant, so messages are delivered to it through Meta's official API rather than intercepted off anyone's device. From there we re-encrypt content at rest using customer-managed keys. We do not run a modified WhatsApp client and we do not claim "zero knowledge", because governance and zero knowledge are mutually exclusive. Any vendor promising both is misrepresenting how this works.
Fourteen days is typical from signed order to first governed group. We run the Business API onboarding, set up your archive, build the groups and supply the staff and family comms. Your side of the work is approving the wording and turning up to one 45-minute session.
You talk, mostly. Bring the scenario that worries you – the group nobody admits to, the leaver with two years of messages on their phone, the SAR you'd dread. We map your exposure against the rules that apply to you, show you the product only where it's relevant, and send you a one-page summary written for trustees. There is nothing to prepare and nothing to pass, and if we're not the fit we'll say so on the call.
Yes, and we provide the templates. Transparency is a GDPR requirement and an ethical one. We supply notification copy for staff, for relatives joining governed groups, and for your trustee board. In practice, almost everyone is reassured rather than alarmed.
No, and any tool that claims to is either misleading you or breaking WhatsApp's terms. The API can only govern groups created on your business number, so the model is to migrate activity into governed groups going forward and make that the way your charity uses WhatsApp. We give you the rollout plan, the member invites, and the staff and trustee policy templates to make the switch stick.
That is a policy and culture problem, and we treat it as one. Governed groups become the only approved channel, backed by a safeguarding-grounded policy your trustees can stand behind. On charity-issued devices, mobile device management can enforce it. The lever is making the governed channel the easy, expected default, not pretending we can secretly read private phones.
We onboard you to the WhatsApp Business API through an approved Business Solution Provider (Microsoft Azure Communication Services), on a verified business number you own. You retain the API account and all conversation data. We run the onboarding for you, included on every annual plan, or work alongside your existing BSP. Because the traffic is internal coordination rather than marketing, your Meta messaging fees typically sit in WhatsApp's free tier.
Yes. Anywhere WhatsApp has become operationally important, governance becomes operationally important. Fundraising teams, volunteer coordinators, safeguarding leads and trustee chats are all in scope. Pricing is by staff seat and participants are always free, so widening the use case never widens the bill.
You take everything with you. Full export of your archive in open formats within fourteen days, a certificate of deletion once you confirm, and no exit fees. Founding terms are exactly as the offer states: half price for two years, then today's list price locked for life – never the price we charge new customers later. On Governance that's £2,990 a year for two years, £5,990 a year from year three, while the list price for everyone else moves on without you. We intend to earn the renewal, not enforce it.
The Founding Ten · places open

Find out where you stand before someone asks.

A 30-minute risk audit with our team. Bring your messiest scenario. You leave with a one-page, board-ready summary of your WhatsApp exposure and a straight answer on whether we're the fit – even if that answer is no.

Book the risk audit Read the founding offer

Not ready for a call? Ask for the trustee briefing instead – one page on WhatsApp exposure, written for boards, no follow-up unless you ask for one. Request the briefing