Why does Acta Security use SimpleX instead of Signal or WhatsApp?

SimpleX needs no phone number, email or account and has no central directory of users, so there is nothing tying a conversation back to you. It is end-to-end encrypted and routed through relays Acta operates inside the EU, and it works even if your normal communications are compromised during an incident.

Why is SimpleX slow to connect the first time?

The first handshake is routed through privacy relays, which adds latency. It can take 10 seconds to a minute and may appear stuck on Connecting. Wait up to a minute; the privacy that makes SimpleX hard to trace is what adds the delay.

How fast can Acta Security respond to an incident?

For active incidents reached over SimpleX, an operator typically responds within the hour, including weekends and holidays.

How do I get my security report?

Reports are delivered through the secure client portal at actasecurity.eu/portal, accessible only to you and the Acta team, using passwordless email one-time-code sign-in.

// FAQ

Questions & answers

Q: Is my data kept in the EU?

Yes. Acta Security is built around EU data sovereignty, with EU-resident infrastructure for the portal, email and SimpleX relays, and no reliance on US cloud for client data.

How we work, what to expect — and, most importantly, how to reach us securely if you're in the middle of an incident.

// REACHING US IN AN INCIDENT

Connecting over SimpleX — step by step

If you suspect or confirm an active incident, we talk over SimpleX Chat. It's a little different from the apps you know — here's exactly what to do, and why it's worth the extra minute.

Why SimpleX, and not Signal or WhatsApp?

No phone number, no account, no email. There's nothing that ties the conversation back to you.
No central server with your contacts. SimpleX has no user identifiers at all — uniquely, there's no profile to subpoena or leak.
End-to-end encrypted and routed through relays Acta operates inside the EU (smp.actasecurity.eu).
It works when your normal comms may be compromised. During an incident, your email or chat could be in the attacker's hands — a clean, separate channel matters.

How to connect

Install SimpleX Chat — from the App Store, Google Play, or desktop. Make sure it's SimpleX Chat — not Signal, not Session.

Open the app and complete the brief first-run setup. Just pick a display name — it's stored only on your device. You will not be asked for a phone number or email; that's normal.

Open our incident-response link inside the app, or scan the QR code on our Under attack? section. On a phone, the easiest path is to scan the QR with the app's built-in scanner.

Be patient on first connect. It can take anywhere from 10 seconds to a minute while SimpleX builds the encrypted channel through its relays. It may look like it's stuck on "Connecting…". It isn't — just wait. The privacy that makes SimpleX hard to trace is the same thing that adds a few seconds here.

Send one message with: your organisation, what you suspect, and when it started. An operator picks it up and replies — usually within the hour, including weekends and holidays.

Open the secure IR channel >_

In an active incident and stuck? Don't lose time fighting the app. Use the contact form on the site to tell us you're trying to reach us over SimpleX and we'll help you connect.

SimpleX troubleshooting

It's been stuck on "Connecting…" — is it broken?

Almost always no. SimpleX routes the first handshake through privacy relays, which adds latency. Give it up to a minute. If it still hasn't connected, make sure you opened the link inside the SimpleX app (not a web browser), check your internet connection, and try opening the link again.

I opened the link in my browser and nothing happened.

The link has to be opened by the SimpleX app, not a browser. On a phone, scan the QR code with the app's scanner instead. On desktop, copy the link and use "Connect" inside SimpleX.

I connected but no one has replied.

Once your message is delivered, an operator responds within a few hours — typically under an hour, including weekends and holidays. Leave the app open so you receive the reply.

Do I have to use SimpleX? Can we just email?

For routine questions, the contact form or email is fine. For a suspected breach, a separate secure channel is strongly preferred — if your email is compromised, that's the last place to coordinate a response.

About Acta Security

What does Acta Security do?

EU-based offensive and defensive security: penetration testing and red-team operations, attack-surface mapping, virtual CISO (vCISO) advisory, NIS2 / DORA / GDPR compliance, and incident response.

Where are you based, and do you work remotely?

We're EU-based (node in Portugal) and work remotely across the EU, the UK and South Africa. Engagements are delivered remotely by senior operators.

Is my data kept in the EU?

Yes. We're built around EU data sovereignty — our infrastructure (including the client portal, email and SimpleX relays) is EU-resident, with no reliance on US cloud for your data.

Engagements & reports

How does an engagement work?

Pick a service and request it from the Engagements section (or we create it for you). We confirm scope and agree an SLA, carry out the work, then deliver your report securely in the client portal. You can track progress the whole way through.

How do I pay?

No payment is taken on the website. Engagements are confirmed with a scope and SLA, then invoiced — multi-month services (recurring testing, vCISO retainers) run on a minimum commitment.

How do I get my report?

Reports are delivered through the secure client portal at actasecurity.eu/portal — only you (and our team) can access yours. Sign in with a one-time email code; no passwords.

What's the difference between a penetration test and a red team?

A penetration test finds and proves vulnerabilities in a defined target (an app, a network). A red team emulates a real adversary against your whole organisation toward a goal — including people and process. Custom red teams start with a 90-minute scoping consult.

How fast can you respond to an incident?

For active incidents, reach us over SimpleX (above) — we typically respond within the hour, including weekends and holidays. Our 10-hour incident-response block gets containment and investigation moving immediately.

What is the client portal?

Your private area at actasecurity.eu/portal for tracking engagements, downloading reports, and raising support tickets. Passwordless sign-in by email one-time code.

Still have a question?

Use the contact form, or for anything sensitive, reach us over SimpleX above.