Workflow · Targeted Broadcasts

One message. Only the right phones.

A coordinator types once. The tag carries the audience and helps scope the encryption. Only matching devices can decrypt.

Compose broadcast CATEGORY TECH · Support CITY JEDDAH AUDIENCE ROLES ATCA TCA TECH MESSAGE Network outage in Hall B. Failover SSID is myProctor-BU. Password in app. Send v1 :: TECH :: ROLE_AREA :: CITY=JEDDAH :: R=ATCA_TCA_TECH auto-derived city + roles → scope HKDF-SHA256 tag + app key → wrapping key key 1 1 1 SENDER · 3 CHIPS TAG → KEY (HKDF) 3 of 9 CAN DECRYPT
Three chips · scope auto-derives · tag scopes the encryption key · only matching phones can decrypt
Eight Codes

Every message has a type code.

Four standalone categories, plus a Support family with four sub-types. Each one is color-coded everywhere it appears.

Standalone
PSWD
Password message
Distributes one-time exam passwords or session tokens to the audience that needs them.
DIRC
Direction message
Operational instructions — what to do, where to go, when to start. The day's choreography.
EXEC
Executive message
Leadership announcements and high-priority directives. Reserved for senior staff.
INFO
General information
Routine updates and FYI messages. Lowest priority styling — informational, not actionable.
Grouped
SUPPORT — issues that need someone to fix something 4 sub-types
TECH
Technical
Devices, app, network.
LGST
Logistics
Transport, supplies, venue.
ADMN
Administrative
Paperwork, approvals, HR.
SUPP
General support
Fallback when no sub-type fits.
Composing

Three chips, one message.

A coordinator picks a type code, a city, and the audience roles. The system handles everything else.

01

Pick a type code

Eight options across two groups. The code sets banner color, priority, and inbox grouping — pick by meaning, not by styling.

02

Pick the city

One specific city — or ALL to reach every region. The chosen value lands in the tag's CITY= segment.

03

Pick audience roles

Tap any combination — sorted alphabetically and joined with _. Empty selection means ALL.

04

Hit Send

The three chips compile into the tag — and the scope segment is auto-derived from city + roles. The message itself stays human-readable.

Routing & Encryption

How the tag becomes a key.

The tag isn't just an audience label — combined with a shared app key, it scopes the encryption. Only devices that match can derive the key and decrypt.

01

The tag is compiled

Five segments, joined by ::. Versioned at the front — the system can evolve without breaking older messages already in flight.

02

Scope auto-derives

One of GLOBAL, AREA, ROLE, or ROLE_AREA — chosen by whether city and roles are specific or both ALL. No checkbox to flip.

03

Tag scopes the key

The body is encrypted with a random per-message AES-GCM key. That key is then sealed using HKDF-SHA256 over a shared app key and the tag — so opening it needs both.

04

Only matches decrypt

Every broadcast carries a versioned tag — the audience selector and one input to the message's encryption, in the same string.

What's actually moving.

Three quiet design decisions that make targeted broadcasts trustworthy.

Routing tag

Five segments, one line

Every broadcast carries a versioned tag — the audience selector and the encryption recipe in the same string.

v1::TECH::ROLE_AREA::CITY=JEDDAH::R=ATCA_TCA_TECH
format type code scope ▴ derived city roles
Type codes

Color-coded everywhere

Each code keeps the same color across compose UI, banners, inbox, and audit log. One glance tells you what kind of message this is.

PSWD DIRC EXEC INFO TECH LGST ADMN SUPP
Auto-expiry

Quiet by default

Broadcasts auto-expire after 300 days. Old messages don't pile up in inboxes, don't haunt new staff, don't bloat storage. The audit log keeps the record; the live feed stays clean.