Skip to main content
This page consolidates the public limitations that apply across the Enigm ecosystem. It is intended to keep product pages concise while preserving clear security, privacy, legal, and operational boundaries.

Overview

Enigm is designed to reduce exposure, minimize metadata, protect communication content, and separate administrative authority from plaintext access. These controls improve privacy and security posture, but they do not eliminate every risk. Limitations should be interpreted as architectural boundaries, not as product disclaimers that weaken the documented security model.

Universal Limitations

Across all Enigm products:
  • Compromised endpoint devices can expose content after authorized local decryption or rendering.
  • Authorized users can disclose content outside Enigm controls.
  • External recording, screenshots, physical observation, coercion, or social engineering can bypass technical confidentiality controls.
  • No privacy system can guarantee anonymity, untraceability, or complete resistance to advanced traffic analysis.
  • Metadata minimization reduces exposure but does not remove every operational identifier required for routing, authentication, availability, security, abuse prevention, lifecycle control, legal obligations, or compliance.
  • Security controls reduce risk but do not guarantee prevention of every vulnerability, misconfiguration, or future unknown attack.

Enigm App

End-to-end encryption protects message, attachment, call, and media content from server-side plaintext access. It does not protect content after it is intentionally disclosed by an authorized participant, captured outside Enigm controls, or accessed on a compromised trusted device. Message expiration and deletion reduce availability of protected content, but they cannot guarantee removal of content already exported, copied, captured, or disclosed outside Enigm controls. Secure viewers, anti-capture controls, and voice privacy features reduce exposure during normal use, but they cannot control every endpoint environment or external capture method.

Network Privacy

VPN Service, Proxy Network, traffic separation, and traffic shaping reduce network exposure and lower confidence in simple traffic-correlation techniques. They do not replace end-to-end encryption, Device Trust, endpoint security, or user trust decisions. Network observers may still perform traffic analysis under some conditions. Enigm does not claim guaranteed anonymity, untraceability, or complete resistance to advanced traffic analysis.

Enigm Command and Enigm Server

Enigm Command provides account, device, product, session, payment, Enigm Server, Enigm eSIM, and Enigm Key lifecycle management. Administrative authority does not grant access to message plaintext, attachment plaintext, call content, private key material, or decrypted communications. Enigm Server administrators can manage membership and lifecycle availability of server-scoped encrypted content. Deletion controls operate on encrypted content objects and lifecycle state; deletion does not imply content visibility, decryption authority, or cryptographic access.

Enigm eSIM

Enigm eSIM is a data-only connectivity service commercially facilitated through Enigm and operated through independent telecommunications infrastructure. Enigm is not a mobile network operator, MVNO, telecommunications carrier, or issuer of carrier infrastructure. Telecommunications availability, carrier-side network records, coverage, local registration obligations, and lawful obligations in the country of use remain subject to the independent telecommunications provider and applicable law.

Enigm Key

Enigm Key is designed for user-controlled emergency alerting and event-bound location sharing. It does not replace emergency services, professional safety planning, physical security, or user judgment. Location sharing depends on device state, connectivity, service availability, and configured emergency contacts. It should be treated as a safety-support workflow rather than a guarantee of rescue, delivery, or response.

Enigm OS

Enigm OS provides platform hardening, reduced attack surface, Trust Security Center, network policy controls, Privacy Mode, OTA governance, and optional Controlled Device Management. It does not replace end-to-end encryption, user trust decisions, secure messaging architecture, security awareness, or endpoint hygiene. Trust Security Center evaluates device security signals. It does not inspect message content, media content, call content, attachments, documents, or user conversations. Trust state improves visibility but does not guarantee absence of compromise.

OTA and Signing

OTA security depends on multiple independent controls: transport authentication, request validation, manifest verification, artifact verification, eligibility controls, Remote Attestation, and Hardware-Backed Signing. The current production OTA manifest signing authority and the target production release-signing authority are separate. Hardware-backed signing is a release authorization root of trust, but it does not replace source review, secure build governance, artifact verification, rollout controls, Remote Attestation, or client verification.

Enigm Intelligence and Enyra

Enigm Intelligence improves visibility, correlation, risk prioritization, and defensive response support. It does not guarantee prevention of every attack, eliminate false positives or false negatives, determine attribution with certainty, or replace human authorization for sensitive actions. Enyra provides conversational product assistance and security-operations assistance. It does not replace detection systems, correlation systems, defensive enforcement, or operator judgment.

Infrastructure and Operations

Monitoring, incident response, backup, and recovery improve operational resilience. They do not prevent every service issue, attack, software defect, dependency failure, or operational disruption. Backup and recovery are continuity controls for critical platform state. They are not a user-content archival system and are not intended to bypass end-to-end encryption or provide plaintext access to protected communications. ISO/IEC 27001 certification, independent assessments, recurring reviews, vulnerability assessments, adversarial testing, and governance processes improve assurance and accountability. They do not guarantee absence of vulnerabilities or certify every product feature outside the applicable scope. Legal requests are evaluated according to applicable law, jurisdiction, scope, validity, and Enigm’s technical ability to respond. Enigm cannot provide data it does not possess and cannot provide plaintext or private key material where the architecture does not grant access.

Privacy and Data Retention

Data minimization reduces collection and retention, but some operational data is required for account state, device association, message delivery, security monitoring, abuse prevention, lifecycle control, legal obligations, compliance, and service integrity. Deletion removes data from normal service operation according to the documented retention model, subject to valid legal, security, compliance, accounting, or preservation constraints where applicable.