Self-hosted Synapse or Dendrite homeservers with federation hardening, bridge setup, LDAP/SSO integration, and full Element Web hosting.
We deploy production-grade Matrix homeservers for organizations that need encrypted, federated communication without dependence on matrix.org or any third-party. Synapse or Dendrite, your choice. Federation hardening, media repository, bridge setup for Telegram/Slack/Discord/WhatsApp, LDAP/AD user sync, Element Web with custom branding, and complete runbooks so your team can operate independently.
Full homeserver deployment with PostgreSQL backend, media repository (S3-compatible), and rate-limiting tuned for production.
Strict federation ACLs, server key pinning, anti-abuse rules, and optional closed federation mode for high-security environments.
Telegram, Slack, Discord, WhatsApp, and email bridges. Bi-directional message sync, user puppeting, and per-bridge rate limits.
Sync users and groups from Active Directory, LDAP, or Keycloak. Single sign-on via your existing identity provider.
Branded Element Web deployment with custom branding, room presets, and restricted server list. Served from your domain.
Full operational runbooks: user onboarding, bridge restarts, federation debugging, media pruning, and upgrade procedures.
Map your existing comms tools, user count, bridge needs, and federation requirements. Define open vs closed federation policy.
Deploy homeserver, configure federation, set up bridges, and integrate with your identity provider.
Migrate existing conversations where possible, create user accounts, and run onboarding sessions for staff.
Full runbooks, monitoring dashboards, and team training. 30-day post-deployment support included.
Synapse for production — it's mature, battle-tested, and has the widest bridge support. Dendrite for resource-constrained environments or if you need a Go-native stack. We've deployed both.
Slack history can be migrated via the Slack bridge and export tools. Teams migration is partial — we can migrate channels and recent messages but not all attachment types. We'll scope this explicitly in the SOW.
By default we configure open federation (you can talk to any Matrix user). We can lock it down to specific servers only — useful for legal/healthcare environments where you need to control who can contact your users.
For most deployments under 500 users: Dendrite. It has a significantly lower resource footprint, a cleaner codebase, and as of 2025 it handles the full Matrix spec for production use. For deployments requiring specific Synapse modules, bridge compatibility requirements, or existing Synapse migrations, we use Synapse. We recommend against choosing Synapse by default for new deployments.
Element X (mobile and desktop) as of 2025–2026. It's the first Matrix client that matches the usability of mainstream alternatives — fast, reliable, and the default choice for new deployments. We configure and distribute the Element X client as part of deployment with your homeserver pre-configured and optional branding applied.
Yes, by default. Federation is what makes Matrix useful — your users can communicate with users on any other Matrix server. If your deployment has regulatory requirements that prohibit external federation (some financial and healthcare environments), we can configure a restricted federation policy that only federates with specific trusted servers.
Uploaded files, avatars, and voice messages are stored outside the database in an S3-compatible object store. We configure this during deployment — either an on-premise MinIO instance, or an existing S3 bucket you own. Media retention policies and size limits are set at the homeserver level. Media is never stored on matrix.org infrastructure.
Matrix uses the Olm/Megolm protocol for end-to-end encryption in private rooms — messages are encrypted client-side and the server never has access to plaintext content. E2EE is enabled by default for direct messages. Room-level E2EE is configurable. We configure key backup to an encrypted key server so users don't lose message history when switching devices.
Full Dendrite deployment with Element X clients, federation to the public Matrix network, E2EE enforced in all sensitive rooms, and staff training included. Sensitive programme data now fully off third-party servers.
Tell us your team size, which platforms you're migrating from (Slack, WhatsApp, Teams), and any compliance requirements. We'll scope it and respond within 24 hours.
Technical guides on the infrastructure and processes behind Matrix deployments.
Dendrite vs Synapse, federation hardening, Element X setup, Mautrix bridge deployment — the honest guide to what actually works now.
Matrix homeservers integrate with Keycloak via OIDC. This guide covers the full realm setup, client configuration, and MFA enforcement we use in every deployment.
Admin access to every Matrix homeserver is restricted to WireGuard — management ports stay off the public internet.
Every Matrix deployment uses restic — encrypted daily backups, tested restores, and Prometheus alerts that catch missed backup runs before they become a problem.