01 — Archiving & Record-Keeping
How does archiving work? Can it be configured or turned off?
Every message is automatically archived the moment it is sent — before it is delivered to the recipient. This happens at the infrastructure level, independent of the application. There is no setting, no admin toggle, and no user preference that can disable it. Even a fully compromised application could not suppress archiving, because the record is written at a layer below the application itself. Every message sent through Quavix Messenger is on the record. No exceptions.
Is the archive tamper-proof? Can anyone delete or edit archived messages?
Yes, the archive is tamper-proof. Message records are stored in AWS S3 using S3 Object Lock in Compliance mode — the same WORM (Write Once, Read Many) storage used by financial institutions to satisfy SEC Rule 17a-4. In Compliance mode, no one can delete or overwrite a stored object during its retention period — not the account administrator, not AWS support, not us. The lock is enforced at the cloud storage level, entirely outside the application. This is the strongest available guarantee of non-erasability. Beyond storage, the archive itself rejects any attempt to alter the core message record — message content, sender identity, and timestamps cannot be changed by anyone. The only updates permitted are review annotations added by compliance officers (who reviewed a flag, what notes they added), which are part of your workflow and do not alter the underlying message.
What exactly gets archived for each message?
For every message, the archive captures: the exact message text as sent, the sender's full name and email address, which firm the sender belonged to at the precise moment of sending, the recipient's identity for direct messages, the name of the group or community for group conversations, whether the conversation was a direct message, private group, or community channel, and the timestamps for when the message was sent and when it was archived. If a firm employee communicates with someone outside the firm, the record shows the outside party's identity as well. Every field is captured at send time and cannot change retroactively.
Why does capturing the sender's firm at send time matter?
When an employee leaves your firm, your archive needs to clearly show which messages were sent on your firm's behalf and which were not. By locking in the firm affiliation at the moment each message is sent, the record is unambiguous regardless of what happens later. An employee's departure, a firm merger, or any other organizational change has no effect on historical records. Your archive correctly reflects the firm structure that existed when each message was sent — exactly as a regulator would want to see it.
What happens to an employee's message history when they leave our firm?
Your firm retains full access to every message they sent while affiliated with you. Those records remain in your compliance archive for the full 7-year retention period. From the employee's perspective, the conversations disappear from their chat view — because those communications belong to the firm, not to the individual. If they join another firm on the platform, that firm's archive starts fresh from their new join date and has no visibility into communications made under your firm.
Are direct messages between employees archived?
Yes. All conversation types are archived without exception: one-on-one direct messages, private group chats, and open community channels. There is no category of communication within the platform that bypasses the archive. The platform operates on the principle that no business communication should be off the record.
What if a user deletes or edits a message? Is the original gone?
No. The archive is written at the moment of sending, before any user action could affect it. A user who later deletes or edits a message in the chat view has no effect on the archive — the original is already locked in. Additionally, the system maintains a complete change history: if a message is edited or deleted, a record of that action is created showing who did it, when, and what the original content was. Your archive contains the original message and the full audit trail of any subsequent changes.
02 — Storage & Retention
Where are archives physically stored?
All message archives are stored in AWS S3 with Object Lock enabled in Compliance mode. This is WORM storage — once written, the records cannot be deleted or overwritten by any party for the duration of the retention period. AWS S3 with Object Lock in Compliance mode is widely used by financial institutions, banks, and broker-dealers specifically because it satisfies the non-erasable, non-rewritable requirements of SEC Rule 17a-4.
How long are records kept?
All message records are retained for a minimum of 7 years. This retention period is enforced at the storage level via S3 Object Lock — records cannot be deleted even by us before the 7-year period has elapsed. This meets the maximum retention requirement under SEC Rule 17a-4 for most categories of broker-dealer records. At the end of the retention period, records can be disposed of in accordance with your firm's retention schedule.
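One way to check the Compliance-mode and 7-year claims above against S3's own API responses, for example during a technical walkthrough. This Python is an added example, not Quavix code: it evaluates dictionaries shaped like boto3's `get_object_lock_configuration` and `get_object_retention` responses; the function names are hypothetical and the sample responses are constructed.

```python
from datetime import datetime, timezone

REQUIRED_MODE = "COMPLIANCE"
REQUIRED_YEARS = 7  # retention period stated on this page
UTC = timezone.utc


def add_years(ts, years):
    """Same calendar date `years` later (Feb 29 falls back to Feb 28)."""
    try:
        return ts.replace(year=ts.year + years)
    except ValueError:
        return ts.replace(year=ts.year + years, day=28)


def audit_bucket_default(resp):
    """Findings for a get_object_lock_configuration response ([] means OK)."""
    cfg = resp.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled on the bucket"]
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        return ["no default retention: each write must set its own lock"]
    findings = []
    if default.get("Mode") != REQUIRED_MODE:
        # GOVERNANCE can be bypassed with s3:BypassGovernanceRetention.
        findings.append(f"default mode is {default.get('Mode')}")
    # S3 stores the default period as either Days or Years, never both.
    days = default.get("Days", 0) + 365 * default.get("Years", 0)
    if days < 365 * REQUIRED_YEARS:
        findings.append(f"default retention is only {days} days")
    return findings


def audit_object(resp, written_at):
    """Findings for one object's get_object_retention response."""
    ret = resp.get("Retention", {})
    findings = []
    if ret.get("Mode") != REQUIRED_MODE:
        findings.append(f"object mode is {ret.get('Mode')}")
    until = ret.get("RetainUntilDate")
    if until is None or until < add_years(written_at, REQUIRED_YEARS):
        findings.append(f"retain-until {until} is under {REQUIRED_YEARS} years")
    return findings


# Constructed sample responses, shaped like boto3's return values.
WRITTEN = datetime(2024, 2, 29, 14, 5, tzinfo=UTC)
GOOD_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 7}}}}
WEAK_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 365}}}}
GOOD_OBJECT = {"Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": datetime(2031, 2, 28, 14, 5, tzinfo=UTC)}}
SHORT_OBJECT = {"Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": datetime(2029, 2, 28, 14, 5, tzinfo=UTC)}}
if __name__ == "__main__":
    print(audit_bucket_default(WEAK_BUCKET), audit_object(SHORT_OBJECT, WRITTEN))
```

Checking a sample of individual objects matters as well as the bucket default, because a default retention rule applies only to objects written after it was set.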
Is the data stored in the United States?
Yes, by default. We deploy in US-based AWS regions. If your firm has specific data residency requirements beyond that — particular regions, data sovereignty requirements, or restrictions on cross-border data flows — contact us before onboarding and we will confirm the configuration is appropriate for your situation.
03 — Audit Trails & Access Logs
Is there an audit trail for who accesses the compliance portal?
Yes. Every action taken in the compliance portal is permanently logged: every search, every message viewed, every thread opened, every export created, and every file downloaded. Each log entry captures who did it, what they did, which organization they belong to, the IP address they were connecting from, and the timestamp. These access logs are append-only — they cannot be deleted, edited, or suppressed. If a compliance officer or deputy uses the portal, you have a complete and unalterable record of exactly what they accessed and when.
What does the audit trail cover beyond portal access?
The system maintains four separate permanent event logs: one covering every change to message content (edits and deletions, with before and after values); one covering every action in the compliance portal; one covering every stage of every export job from creation through download; and one covering every change to group and community membership — who joined, who left, who changed roles, and who made each change. All four are permanent and cannot be altered.
What happens if a compliance officer misuses their access?
The access logs make misuse visible and verifiable. You can see exactly who accessed what, in what order, and from where. This creates accountability within the compliance function itself — the system does not rely solely on trusting that authorized users will behave correctly. If there is ever a question about how a particular document ended up in the wrong hands, the access logs provide an unambiguous trail.
04 — The CCO Portal
What can I do as CCO in the compliance portal?
You can search the complete archive of your organization's messages by date range, sender, keyword, or conversation type. You can view the queue of flagged messages that matched your keyword rules, add review notes, and clear flags when resolved. You can create and download exports for any date range in XLSX, PDF, or HTML format. You can review the full access log showing every action taken in the portal. You can manage your organization's keyword monitoring rules. And you can view the full membership history of any group or community your employees participate in.
How does keyword monitoring work?
You define a list of words and phrases that concern you from a compliance standpoint — things like specific market terms, regulatory red flags, or internal policy violations. Each keyword gets a category (you define your own categories), a severity level (high, medium, or low), and the system monitors for it. A background process runs continuously and checks newly archived messages against your active keyword list. When a match is found, the message is flagged and added to your review queue. You see flagged messages sorted by severity. You annotate them, note your disposition, and clear them when reviewed. Deactivating a keyword stops future scanning without erasing the history of what was previously flagged under it.
What export formats are available and how do I verify integrity?
Exports are available in XLSX (for spreadsheet review and production), PDF (for human-readable submission to regulators), and HTML (for archive or web-based review). Each export job runs in the background and is available to download from your portal when complete. Every export file is accompanied by a cryptographically signed manifest that records exactly which messages were included, the date range queried, the filters applied, who requested the export, and when. The file also carries a SHA-256 checksum. A regulator receiving your export can use the manifest and checksum to verify that the file has not been tampered with in transit or since it was generated. Every download is logged by user and timestamp.
How far back can I search or export?
You can search and export any date range from the beginning of your organization's history on the platform. Records are retained for 7 years. If a regulatory examination reaches back 5 years, all of that is searchable and exportable.
Who at my firm gets access to the compliance portal?
The CCO is the first person granted compliance access when a regulated organization is set up. You can request additional compliance-access users — for example, a deputy CCO or a paralegal supporting examination responses. Regular employees never have access to the compliance portal or the archive under any circumstances, regardless of their seniority within the firm.
05 — Anonymous Communication & Identity
The platform allows anonymous communication. How does that square with compliance?
Anonymous communication in Quavix Messenger means anonymous to other participants in the conversation — not to the compliance system. Every message is archived with the sender's full real identity regardless of what display name they chose to use in that community. A user who participates in a community under a pseudonym still has their real name, email address, and firm affiliation recorded in the archive for every message they send. Your keyword monitoring, exports, and audit trail always operate on the verified real identity. Regulators reviewing your archive see real names and real emails. Aliases are a display layer only and have no effect on the compliance record.
How does anonymous communication work from a practical standpoint?
When a user joins a community, they can choose a display name for that community that is different from their legal name. Other participants in the community see that display name in conversation. The compliance system ignores the display name entirely — it works only with the verified identity the user registered with. The display name and the real identity are kept separate and the real identity cannot be overridden or hidden from the compliance record.
Can employees communicate with people outside our firm?
Yes. The platform allows direct messaging between any two users regardless of firm affiliation. Your compliance archive captures both sides of those conversations — messages sent by your employees and messages received by your employees. If someone at another firm sends a message to one of your people, that inbound message appears in your archive alongside your employee's reply. You see the full conversation, not just your firm's half of it. This is essential for detecting context that matters — a problematic suggestion sent to your employee is just as relevant as how your employee responded.
06 — User Management & Onboarding
How do I add employees to our firm's account?
From your seat management dashboard, you add a seat and enter the employee's email address. The system sends them an invite link that is pre-associated with your organization. When they complete signup, they are immediately affiliated with your firm and their seat is active. You control exactly who can be invited — seat invites will only be accepted from email domains you have pre-approved for your organization. An employee cannot join under your firm using a personal Gmail or any other unapproved domain.
How do I remove an employee who has left the firm?
From the seat management dashboard, you remove their seat or mark it open for reassignment. Their access to the platform is suspended at the next login attempt. Their full message history remains in your compliance archive for the 7-year retention period — departure does not affect what you retain. The departure date is recorded so the compliance record correctly shows that messages sent after that date are no longer attributed to your firm.
What is the onboarding flow for a regulated employee?
New employees receive an invite link from you. They confirm they are joining a regulated entity, complete their personal details, and verify their email. Because the invite comes from you, they skip the CCO approval step — you have already authorized them by issuing the invite. If they are the first person registering for a new organization (i.e., they are the CCO setting up the firm for the first time), the onboarding includes firm setup: legal name, SEC registration number, FINRA CRD number, and approved email domains.
What if an employee tries to sign up with an unapproved email domain?
The system blocks it. Seat invites check the recipient's email domain against your approved list before allowing the signup to proceed. If your firm only allows @acmecapital.com addresses, an invite sent to or claimed by a Gmail address will not complete. This closes the door on shadow accounts that could circumvent your compliance perimeter.
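A domain allowlist only holds if the comparison is exact and made on a normalized domain. The following Python is an added example, not the platform's code: it shows a strict check applied to both the invited and the claiming address, next to a loose suffix match for contrast. The function names are hypothetical and the addresses are constructed; `acmecapital.com` is the page's own example domain.

```python
APPROVED = {"acmecapital.com"}  # lowercase ASCII domains the firm pre-approved


def email_domain(address):
    """Return the normalized domain of an address, or None if it is malformed."""
    # Exactly one '@' and no whitespace or control characters, so every
    # downstream mail component parses the address the same way.
    if address.count("@") != 1 or any(c.isspace() or ord(c) < 0x20 for c in address):
        return None
    local, _, domain = address.partition("@")
    if not local or not domain or domain.endswith("."):
        return None
    try:
        # IDNA-encode so a non-ASCII lookalike becomes a distinct xn-- name.
        return domain.encode("idna").decode("ascii").lower()
    except UnicodeError:  # empty or over-long label, disallowed code point
        return None


def domain_approved(address, approved=APPROVED):
    """Exact match only: subdomains and longer suffixes are not implied."""
    domain = email_domain(address)
    return domain is not None and domain in approved


def invite_can_complete(invited, claimed, approved=APPROVED):
    """The page checks the address invited and the address that claims it."""
    return domain_approved(invited, approved) and domain_approved(claimed, approved)


def loose_suffix_match(address, approved=APPROVED):
    """Weak form for contrast: suffix test that is not anchored on '@'."""
    return any(address.lower().endswith(d) for d in approved)


if __name__ == "__main__":
    # Constructed test addresses.
    for addr in ["Jane.Doe@AcmeCapital.com", "jane@gmail.com",
                 "jane@notacmecapital.com", "jane@mail.acmecapital.com",
                 "jane@acmecapital.com.evil.example"]:
        print(f"{addr:40} strict={domain_approved(addr)} loose={loose_suffix_match(addr)}")
```

If a firm does want subdomains accepted, each one belongs on the approved list explicitly rather than being matched by suffix.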
We have employees who move between firms. How is that handled?
Each affiliation is its own distinct period in the record. When an employee leaves your firm, their departure is dated and their affiliation with you is closed. Your archive retains all messages sent during their tenure. When they join a new firm on the platform, a new period begins under the new firm's record — the new firm has no visibility into what was said under your firm, and your firm has no visibility into what is said under the new firm. There is no overlap, no backdating, and no contamination between the two records.
07 — Regulatory Framework
Which regulations is this designed to satisfy?
Quavix Messenger is designed with SEC Rule 17a-4 as the primary framework. Rule 17a-4 requires broker-dealers to retain electronic communications in a non-rewritable, non-erasable format — the requirement that S3 Object Lock in Compliance mode directly satisfies. FINRA Rule 4511, which requires member firms to preserve records in accordance with Rule 17a-4, is addressed by the same infrastructure. For registered investment advisers, SEC Rule 204-2 under the Investment Advisers Act imposes similar record-keeping obligations. The platform's archiving, retention, and audit-trail design addresses all three. You should confirm applicability with your legal counsel — your specific obligations depend on your registration type, the nature of your business, and your jurisdiction.
Is the 7-year retention requirement met?
Yes. All message records are retained for a minimum of 7 years, enforced at the storage level. This meets the maximum retention period required under SEC Rule 17a-4 for most categories of records. The retention is not configurable downward — no setting, no administrator action, and no request to us can shorten a record's retention period once it is written.
How do I respond to a regulatory request or examination?
Use the compliance portal to run an export covering the requested date range and parties. Select the format appropriate for the request — XLSX or PDF for human-readable production, HTML for web-based review. The export includes message content, sender and recipient identity, timestamps, conversation context, and any review notes. Submit the export file along with its signed manifest and checksum. The manifest allows the examiner to independently verify that the file you produced is complete and unaltered. Your access logs provide an additional record showing that only authorized personnel accessed the archive in preparing the production.
What if our regulator requires a third-party custodian for records?
Some broker-dealers are required under Rule 17a-4(f) to designate an independent third-party custodian for their electronic records. If your regulator has this requirement, contact us before onboarding. A custodian arrangement is something we can accommodate — it is a configuration of where the records are ultimately held, not a change to how archiving works. We will scope the appropriate setup for your situation.
08 — Getting Started
How does my firm get approved and onboarded?
Submit a request through the main page — indicate your role as CCO, that you represent a regulated entity, your firm type, and your approximate seat count. We will reach out directly to walk through your compliance requirements, confirm the platform is the right fit for your situation, and set up your organization. We do not do self-serve onboarding for regulated accounts. Every regulated firm goes through an initial conversation with us before going live.
What does our legal team need to review?
We recommend your legal counsel review: how the automatic archiving works and why it satisfies non-erasability requirements, how S3 Object Lock in Compliance mode enforces the 7-year retention at the storage level, the export manifest and signature scheme, the CCO portal access controls and the access audit trail, the employee onboarding and offboarding process and how it creates a clean compliance perimeter, and the data residency configuration. We are glad to arrange a technical walkthrough for your legal and IT teams before you make a decision.
Can we run a pilot before committing to full deployment?
Yes. You can start with a small seat count. The compliance infrastructure is identical at any size — there is no reduced-compliance mode for pilots. Everything that applies to a 50-seat deployment applies to a 2-seat pilot. You get the full archive, full portal, full keyword monitoring, and full audit trails from day one.