Zero-knowledge by design

Your files, encrypted before they leave your device.

Vault Desk is an end-to-end encrypted drive. Everything is encrypted on your device — the server only ever stores ciphertext and wrapped keys. Not even we can read your files.

XChaCha20-Poly1305 OPAQUE login Key Transparency Open crypto core
Built on libsodium OPAQUE aPAKE (RFC 9807) X25519 sealed sharing Ed25519 signatures Argon2id key derivation
Everything you'd expect — privately

A full drive that the server can't read

Upload, organize, share, and recover your files. Every operation happens over data that's already encrypted on your device.

End-to-end encryption

Each file is encrypted client-side with XChaCha20-Poly1305 before it's uploaded. The server stores only ciphertext.

Passwordless-safe login

OPAQUE means your password never leaves your device — not even hashed. The server can authenticate you without ever seeing it.

Secure sharing

Share a file and its key is sealed to the recipient's public key. Revoke access or change roles whenever you like.

Public links

Share with anyone. The decryption key lives in the link itself (after the #) and never reaches our servers. Add a password and an expiry.

Key Transparency

Recipients' public keys are published in a tamper-evident, append-only log — so the server can't quietly swap in a key it controls.

Account recovery

Forget your password? A one-time recovery key restores access — without us ever holding the keys that decrypt your files.

How zero-knowledge works

The key never leaves your hands

Three steps, and at no point does the server hold anything it can decrypt.

Encrypt on your device

Your password derives your keys locally. Files are encrypted in the browser before a single byte is uploaded.

Upload only ciphertext

The server receives encrypted blobs and wrapped keys it has no way to open. Filenames are encrypted too.

Only you hold the keys

Sign in from any device to unwrap your keys and decrypt locally. The server never sees your files or your password.

Threat model first

Built so a breach reveals nothing

Vault Desk assumes the server can be compromised. Because keys are derived and held only on your devices, an attacker who steals the entire database gets encrypted blobs and wrapped keys — useless without your password.

Server stores only ciphertextEncrypted blobs plus wrapped keys — no plaintext, ever.
Your password is never transmittedOPAQUE proves you know it without sending it.
Tamper-evident key directoryKey Transparency lets clients catch a substituted key.
One small, auditable crypto coreBuilt on libsodium and shared across web and mobile.
Wherever you work

One encrypted vault, every device

Web app

A fast, modern drive in your browser. Built with Next.js and React — no plugins, nothing to install.

Mobile apps

iOS and Android share the exact same crypto core, so encryption behaves identically — byte for byte — across platforms.

Simple pricing

Private storage for everyone

Start free. Upgrade when you need more room. Encryption is the same on every plan — total.

Free

$0 /month

For getting started.

  • 5 GB encrypted storage
  • Secure sharing & public links
  • Web & mobile
Get started
Most popular

Plus

$4 /month

For everyday peace of mind.

  • 250 GB encrypted storage
  • Password-protected links + expiry
  • Priority support
Choose Plus

Team

$15 /month

For organizations.

  • 1 TB encrypted storage
  • Shared team spaces
  • Admin controls & audit
Contact sales

Illustrative pricing — adjust to your plans.

Questions

Good to know

What does “zero-knowledge” actually mean?

It means we have zero knowledge of your file contents. Encryption and decryption happen entirely on your device. The servers only ever hold ciphertext and keys that are themselves encrypted (“wrapped”), so no one operating Vault Desk can read your files.

What happens if I forget my password?

At sign-up you get a one-time recovery key. It independently unlocks your account and re-wraps your keys under a new password — all on your device. Because we never hold your keys, keep that recovery key somewhere safe: it's the only backup.

Can Vault Desk (or a hacker) read my files?

No. Our threat model assumes the server may be compromised. Even with full access to the database, an attacker sees only encrypted blobs and wrapped keys — unusable without your password, which is never transmitted.

Is the encryption open to inspection?

Yes. Vault Desk uses standard, well-reviewed primitives from libsodium (XChaCha20-Poly1305, X25519, Ed25519, Argon2id) in a single, small crypto core shared across web and mobile — deliberately easy to audit.

Where are my files stored?

Encrypted blobs live in object storage; encrypted metadata and wrapped keys live in the database. You can also self-host the whole stack — the data is meaningless without the keys only you hold.

Take back control of your files

Create your encrypted vault in under a minute. Free to start, private by design — and only you ever hold the keys.