Group chats are such an integral part of many organizations that sharing sensitive information is par for the course, but it's fair to say that the majority of users would prefer it if whatever was discussed in Slack stayed in Slack— forever. And it's not just mild embarrassment at stake. Think of all the business secrets being traded or relationships that would come to a screeching halt if customers or clients knew what was really being said within the confines of a group chat room. (This reality recently hit home for teachers at Blackstone Valley Prep in Rhode Island, who came under fire after insulting their own students in a series of disparaging, expletive-laden Slack discussions, which were likely accessed when a teacher's email account was hacked, and then forwarded widely from that same account.)
Enter Semaphor. Think of it as Slack's privacy-savvy and slightly paranoid younger cousin. It's the brainchild of SpiderOak, the same company whose backup product Edward Snowden recommended as a Dropbox alternative a few years back. SpiderOak also made waves for ditching Google Analytics in December 2015. All content (including file attachments) is end-to-end encrypted so that even SpiderOak can't read it. If the company is hacked (or the chats are subpoenaed--something that Gawker learned about the hard way), the only information SpiderOak will be able to access is a bunch of gobbledygook ciphertext.
Semaphor's design decisions protect communications in various additional ways. For one, it's an app you download to your phone, laptop, or desktop computer, so it lacks the many security risks associated with web apps. The tool generates multi-word passphrases for users, offering some protection from the security risks associated with self-generated passwords, which are often so poor that they're susceptible to guesswork, not to mention brute force attacks.
Because you can't use emails to invite or onboard users into a group, companies are less susceptible to phishing. Channels, groups, and personal messages are independently cryptographically secure conversations using different keys. (That prevents someone with a USB drive who has access to the servers from walking out with all the data). Users can even compare public keys or unique patterns to verify each other's identities, a feature that other messaging tools don't offer. Oh, and you can view the client-side source code, too.
Some companies store data along with the keys to access it on their own servers. Other companies allow users to host collaborative chat tools on their own servers, but then there's nothing stopping a rogue sysadmin from accessing whatever information they want (other than their own conscience, that is). Because Semaphor encrypts chat before it even leaves users' computers, any data collected from their servers will have no value because nobody will be able to read it.
Semaphor is easy to use and visually appealing, but it does lack a few features—no URL previews, no email digest—but really, it's for your own privacy and security. SpiderOak doesn't store passwords or answers to password hints, which means that if you lose your devices and your backup code, you're S.O.L., so that's something to keep in mind as well. But if you're paranoid aware of all of the risks associated with your chat transcripts getting leaked, Semaphor could well be the chat tool for you.
Semaphor has a free basic plan with a 30-day history, a $6/month plan for personal use, and a $9/month pro plan. It is available for iOS, Android, MacOS, Windows, and Linux.