ONE PLATFORM · THREE PRODUCTS

Machine identity.
Human access.
Built into every layer.

Privitty ships as three complementary products, each solving a distinct layer of the access and communication problem. Deploy one. Deploy all three. The identity standard travels with you.

Privitty Edge

Communicator SDK

Communicator App

PRODUCT 01

Privitty Edge & Watchtower

The machine identity and remote access layer for operational technology. Edge runs on your factory floor. Watchtower governs it from the cloud.

Privitty Edge is a lightweight Windows service that runs on any MELIPC-class or Windows IoT Enterprise industrial PC, giving every machine a cryptographic identity and a secure, outbound-only gateway for remote engineers. No hardware. No inbound ports. No VPN.

Privitty Watchtower is the governance dashboard. Provision machine identities, assign engineers to channels, monitor active sessions and file transfers, and revoke access, individually or all at once, from a single web interface.

PRODUCT 01

Privitty Edge & Watchtower

The machine identity and remote access layer for operational technology. Edge runs on your factory floor. Watchtower governs it from the cloud.

Privitty Edge is a lightweight Windows service that runs on any MELIPC-class or Windows IoT Enterprise industrial PC, giving every machine a cryptographic identity and a secure, outbound-only gateway for remote engineers. No hardware. No inbound ports. No VPN.

Privitty Watchtower is the governance dashboard. Provision machine identities, assign engineers to channels, monitor active sessions and file transfers, and revoke access, individually or all at once, from a single web interface.

Machine identity at pairing

Every Privitty Edge generates an OpenPGP-verified cryptographic identity on first activation, bound to that device instance permanently. No IP address. No shared credential. The machine knows who it is.

Controlled file transfer

Send PLC programs, HMI packages, and recipe files with per-object access policy: allow view, download, or forward. Set time expiry. Revoke after delivery. QUIC peer-to-peer for large files; relay fallback for signalling.

E2EE remote sessions

SSH, RDP, and VNC tunnels run over the same identity-verified, end-to-end encrypted channel. Operator-initiated only. One active tunnel per session. No inbound firewall rules on the plant VLAN, ever.

True revoke & panic

Revoking a file makes it cryptographically unreadable — wherever it is, even if already opened. The panic button withdraws all access, kills all tunnels, and logs the event. One click. Immediate. Complete.

Software only · ~20 MB

Privitty Edge is a Windows service. It installs on your existing MELIPC or Windows IoT Enterprise industrial PC. No dedicated appliance. No rack space. No procurement cycle. Deploy in hours, not months.

MES / SCADA automation hook

Privitty Edge exposes a local JSON-RPC API on localhost:7200 and SSE stream. Mitsubishi integrators and MES platforms can auto-ingest decrypted packages into a controlled directory or workflow without manual engineer intervention.

PRIVITTY WATCHTOWER

The identity governance console.

A dedicated Watchtower instance, hosted under your domain and certificates — gives fleet administrators full visibility and control over every machine identity, engineer account, and active session across all sites.

PRIVITTY WATCHTOWER

The identity governance console.

A dedicated Watchtower instance, hosted under your domain and certificates — gives fleet administrators full visibility and control over every machine identity, engineer account, and active session across all sites.

01

Device registry

Onboard and manage MELIPC / Privitty Edge units as named factory assets with location, plant, and role metadata.

03

Activity monitoring

Real-time view of pairing status, file transfers, active tunnels, and revoke events across every site in your fleet.

04

Policy & provisioning

Assign operators to edges, set access windows, manage licenses, and trigger immediate revoke from a single dashboard action.

02

Operator registry

Provision mobile and desktop engineers by role. Assign them to specific edges. Their access is scoped at provisioning time, not at the network level.

PRODUCT 02

Privitty Communicator SDK

Embed Privitty's identity-layer communication directly into your existing application or workflow, without rebuilding your messaging stack from scratch.

PRODUCT 02

Privitty Communicator SDK

Embed Privitty's identity-layer communication directly into your existing application or workflow, without rebuilding your messaging stack from scratch.

Decentralised architecture

No central data server. No single point of breach. Built on open, decentralised infrastructure so security is embedded in every data object, not dependent on a perimeter. Deploy on-premises, your cloud, or Privitty-managed infra.

Controlled file transfer

Revoke sent messages and shared files at any time, even after delivery and after the recipient has opened them. Access is removed instantly across all devices. No copies. No residual access. No exceptions.

End-to-end encryption

All communication is protected with strong E2EE. Only intended recipients can read messages or access files. Privitty cannot decrypt user data. Neither can the relay. The relay is transport-only by cryptographic design.

Time-limited access

Define exactly how long messages and files remain accessible. Content automatically expires and becomes cryptographically unreadable when your policy window closes, reducing data exposure and satisfying compliance requirements automatically.

QR / invite onboarding

Users onboard instantly using a QR code or secure invite link. No phone numbers. No email addresses. No identity leakage. Cryptographic identity is established at pairing, not through a central identity directory.

Drop-in integration

The SDK embeds directly into your existing application — ERP, MES, SCADA interface, field service app. No forklift upgrade. No separate communication product for your users to install. Your app, Privitty's security layer.

PRODUCT 03

Privitty Communicator App

Secure messaging for teams and enterprises. E2EE by default, with file access control, true message revoke, and zero metadata tracking — on every platform your team already uses.

PRODUCT 03

Privitty Communicator App

Secure messaging for teams and enterprises. E2EE by default, with file access control, true message revoke, and zero metadata tracking — on every platform your team already uses.

Decentralised architecture

No central server. No single point of breach. Security is embedded in every data object, not dependent on a perimeter. Deploy on-premises or use Privitty-managed infrastructure, your choice, your control.

True message revoke

Revoke any sent message or shared file, even after delivery, even after it's been opened. Access withdrawn instantly across all recipient devices. Real-time key withdrawal. Zero trace on servers.

Per-file access control

Every file shared carries its own access policy: view only, no forward, time-bound. A CAD file, KYC document, or patient record becomes cryptographically unreadable when your policy window closes, not deleted, unreadable.

Every platform, same security

Android, iOS, Windows, macOS, and Linux, a consistent secure experience without feature fragmentation. The same E2EE, same revoke capability, same access control on every device your team uses.

No identity leakage

Users onboard with a QR code or invite link. No phone number. No email address. Cryptographic identity is established at pairing, not through a central directory that can be harvested or breached.

Enterprise sovereign deployment

Deploy with your own relay, your own Watchtower governance instance, and your identity provider. Full fleet visibility for administrators. Operator provisioning by role. Immediate revoke from the admin console.

ONE STANDARD · THREE PRODUCTS

"Machine identity. Human access.
Start with what you need."

Whether it's a factory floor, an enterprise team, or an application, Privitty gives you the identity layer your workflow is missing.

Privitty gives every machine a cryptographic identity and every engineer a verified, revokable channel. No VPN. No firewall rules. No hardware. Just trust between the identities that matter.

A new standard for
machine identity
and human access.

THE IDENTITY LAYER FOR OPERATIONAL TECHNOLOGY

Cryptographic Identity

Access Revokable

No Hardware

Edge Solutions

No Hardware