SOVEREIGN

SOVEREIGN

Own your signal.

An Australian-built, de-Googled, privacy-first phone — hardened, verified, and yours alone.

The problem

Your phone was never really yours.

Every tap, location and contact quietly leaves the device — logged, profiled, and sold. This isn't a theory. It's the business model, and the record is on the public court file.

$60 million

The penalty the Federal Court ordered Google to pay for misleading Australian users about how their location data was collected and kept.

ACCC v Google, 2022

340× a day

How often a dormant Android phone — screen off, sitting on a desk — was measured sending location data back to Google over a single day.

Digital Content Next study, 2018

From 2026

Google will require every app on a certified Android device to come from a developer who has registered their real identity. The open era of Android is closing.

Google developer verification policy

What it is

Official GrapheneOS. Zero Google. Ready on arrival.

We start with a Google Pixel — the only hardware with a verified, open bootloader — and rebuild it from the silicon up.

01

De-Googled by default

No Play Services, no background telemetry, no silent sync.

02

Hardened at the OS level

GrapheneOS's memory protections and sandboxing, unmodified and unforked.

03

Set up before it reaches you

Your accounts, your apps, nothing left for you to configure.

Verify us

Don't trust us. Check the signature.

We ship official, unmodified GrapheneOS — nothing patched, nothing swapped. Here's how to confirm it yourself, in under two minutes.

Verified boot fingerprint

AVB0 · a3:f1:9c:04:7e:2b:66:d8 · 5c:91:00:aa:3e:47:1b:c2

Compare this against Settings → About Phone → Verified boot on your device.

Why trust this

The proof is public. The endorsements aren't ours.

Privacy you have to take on faith isn't privacy. Every claim on this page is something you can check yourself — or that someone with nothing to sell has already checked for you.

Recommended by the people who'd know

GrapheneOS is the operating system Edward Snowden has publicly recommended for anyone serious about mobile privacy. We didn't build it — we deploy it, unmodified.

Official GrapheneOS, nothing forked

We install the official release exactly as the GrapheneOS Project publishes it. No custom patches, no hidden additions, no SOVEREIGN branding baked into the OS.

Every device attested, every fingerprint published

We publish the verified boot fingerprint for every model we sell. Compare it against the GrapheneOS Project's own values in under two minutes. If they don't match, don't trust us.

The argument has been made for us.

"Privacy isn't about having something to hide. It's about having the power to control your own identity." — John Pane, Chair, Electronic Frontiers Australia.

Packages

Three ways to go dark.

Every tier ships the same hardened core. The difference is hardware, storage, and how far you want to take it.

Essential

Privacy essentials, ready out of the box.

From $1,290

  • Official GrapheneOS installed and professionally configured
  • Our documented hardening profile applied
  • Sandboxed Google Play — banking apps work privately
  • Signal — encrypted messaging and calls
  • Proton VPN — pre-installed and configured
  • Proton Authenticator — two-factor security
  • Vanadium — hardened private browser (default)
  • Aurora Store — anonymous access to Play apps
  • DuckDuckGo as default search
  • No pre-installed junk or background tracking
  • Getting started guide (PDF, printed and shipped)
  • Privacy screen protector (pre-applied)
  • Verified boot fingerprint published and attested
GrapheneOSVERIFIED BOOT

Pixel 10a128GB · Obsidian

$1,290

Order Essential
Card

Most chosen

Advanced

Full Proton privacy suite, configured and ready to use.

From $2,390

  • Everything in Essential
  • Advanced device hardening — permissions, sensors, auto-reboot, USB-C lockdown
  • Proton Mail — private encrypted email, configured
  • Proton Drive — encrypted cloud storage
  • Proton Pass — encrypted password manager
  • Proton Calendar — private encrypted calendar
  • Full Proton setup guide (PDF)
  • Protective case included
GrapheneOSVERIFIED BOOT

Pixel 10128GB · Slate

$2,390

Order Advanced
CardBank transferBitcoin

Elite

Maximum hardening with personal onboarding — for professionals and high-risk individuals.

From $3,790

  • Everything in Advanced
  • Maximum device hardening — network, sensors, exploit protection, duress password
  • Personalised threat-model discussion
  • Apps and settings configured around your specific needs
  • 1-on-1 video onboarding call (45 minutes)
  • Personalised configuration notes
  • Faraday bag included
  • Priority support access
GrapheneOSVERIFIED BOOT

Pixel 10 Pro XL256GB · Obsidian

$3,790

Order Elite
Bank transferBitcoinCard

Hardening

Quiet protections, working by default.

No suite to open, no settings to hunt for. Every device leaves configured like this.

Sandboxed Google Play

Apps that need it get a caged, permission-scoped copy. Nothing else touches your data.

Per-app network and sensor control

Decide which apps see the internet, your camera, your mic, your location.

Auto-reboot

An idle device reboots itself, returning storage to an encrypted, locked state.

USB-C lockdown

Data access over the port is off unless you turn it on.

Duress password

A second unlock code that wipes the device instead of opening it.

Verified boot

The phone checks its own operating system on every startup and refuses to run anything altered.

2G disabled

Legacy baseband protocols cut off entirely — eliminates stingray and downgrade attacks at the hardware level.

VPN kill switch

All connections drop if the VPN goes down. Nothing leaks in plain text.

Included apps

Every device ships with these pre-installed and configured. No sign-ups, no setup required.

Signal

End-to-end encrypted calls and messages. Set as the default communications app on every device.

Proton VPN

Pre-installed and configured. No-log network, kill switch on, private DNS set.

Vanadium

GrapheneOS's hardened browser. Sandboxed, up-to-date, with privacy-focused defaults applied.

Aurora Store

Anonymous access to Play apps — no Google account required to download or update.

Organic Maps

Open-source, offline-first navigation. Works without a data connection. No tracking, no data sent home.

Proton Authenticator

Two-factor authentication that doesn't depend on Google Authenticator or a Google account.

Looked after

Ownership doesn't end at delivery.

Hardware ages, needs change, and updates matter. We stay reachable after the box is opened.

Care

A standing line to our team for updates, questions and yearly security check-ins.

Reconfiguration

Send it back and we'll rebuild it to a new profile, no data carried over.

Trade-up

Moving to new hardware credits back part of your original order.

Questions

Straight answers.

Pixels are the only Android phones that let you install a custom OS and then re-lock the bootloader. Re-locking restores Verified Boot — the hardware-level check that proves your OS is genuine on every power-on. Without that, you don't have real security. Apple doesn't permit OS replacement. Most other Android manufacturers don't support bootloader re-locking after flashing. Pixels do, which is why GrapheneOS only targets Pixels.

Yes, for most Australian banks. GrapheneOS includes Sandboxed Google Play — a version of Google's services that runs as a normal, fully sandboxed app with no special system privileges. Most banking apps work without modification. Occasionally an individual app requires a per-app compatibility setting, which we apply during setup. If you're unsure about a specific app, contact us before purchasing — or book a right-sizing consult.

No. We install official, unmodified GrapheneOS — the same build available from grapheneos.org. We don't modify the OS. The Verified Boot fingerprint on your device will match the GrapheneOS project's own published values exactly, which you can verify yourself. Our work is configuration and setup, not OS modification.

A factory reset wipes everything — including the SOVEREIGN configuration. This is a security feature of GrapheneOS, not a flaw. If this happens, the phone will still have GrapheneOS installed, but it will be unconfigured. Our Reconfiguration Service will restore it to your original configuration. Send it back to us and we'll have it back to you the next business day.

The duress password is an optional GrapheneOS feature: if you enter this specific PIN or password at the unlock screen, the phone immediately and permanently wipes all data. It's designed for situations where you're compelled to unlock your device and want to ensure your data is destroyed rather than accessed. We configure a temporary duress credential during setup, and your first task on receiving the phone is to set your own. Triggering the duress wipe, like a factory reset, wipes your configuration and will require our reconfiguration service.

We retain order information required for Australian business and tax obligations. We do not retain device contents. The temporary setup credentials we use during configuration are documented on the job sheet and destroyed after the customer confirms first boot. We do not have access to your phone after dispatch.

All sales are final once a phone ships — each is built and configured to order. There are also privacy and security reasons we don't accept phones back; a returned device may contain sensitive personal data. If your phone arrives with a genuine manufacturing defect, contact us and we'll handle it under Australian Consumer Law. Accidentally reset your phone? That's what our Reconfiguration Service is for.

Yes. We ship to New Zealand, UK, and most international destinations. Note that cellular band compatibility and import duties are the customer's responsibility. Contact us before ordering if you're outside Australia.

Yes — contact us. We can configure a Pixel you already own. Note that we'll need to verify the device condition before accepting it, and the price reflects configuration only (no hardware cost).

A threat model is simply an honest assessment of what you're protecting, from whom, and how much friction you're willing to accept to protect it. You don't need a formal threat model to benefit from a SOVEREIGN phone — but understanding yours helps us configure the right setup. Our right-sizing consult and threat-model advisory service exist for exactly this.

Order

Your signal. Your terms.

Configure a device in minutes, or leave your email and we'll walk you through it.

Or get the walkthrough by email first.