Security

Front-End Encryption

Your documents, files and contacts never leave your device unencrypted.

They are encrypted at all times using AES-256, with your encryption key, which we do not have access to.


We can't see the contents of your documents, files or contacts. Only you can.

This means two things:

1 - Even if a government entity asks for your data, we can only provide them with the encrypted data. AES-256 means it would take millions of years to crack open your data, even with supercomputers.

2 - Regardless of what servers or cloud infrastructure we use, your files are only accessible to you. This means that we don't have to operate or maintain our own expensive physical servers and that we can use any cloud provider with confidence. This allows us to reduce costs and provide a more reliable service to you. Even if our servers are compromised or your data is seized, no third party can access your data.


With Cryptee, your data privacy is mathematically ensured.


Open Source Cryptography

We only use the open-source OpenPGP.js.

Using open source cryptography means that we can verifiably guarantee that our encryption algorithms do not have any backdoors.

Cryptee's open source software is reviewed regularly and thoroughly by global security experts, ensuring that we can provide the best unbiased protection.


Anonymity

No personally identifiable information required for signup.

We do not track or log any user activity, nor do we require you to use an email address or any other form of personally identifiable information.

Combined with our front-end encryption, this also means that we can't serve you targeted advertisements. (We hate ads as much as you do.)


Ultimate Deniability

Cryptee is built to protect you against forceful access to your account.

We know that there could come a day when someone coerces you to log in and unlock your data.

In cryptography, this is called "Rubberhose Cryptanalysis". Here's an XKCD comic describing exactly this.

Our "Ghost Folders" feature is here to protect you in these tough situations, where there is an asymmetry of power. If you "ghost" a folder, it will be removed from your account until you type in that folder's name again.

This means that even if you are forced to give a third party the keys to your account, your most sensitive data will still be safe and you can deny the existence of certain files and folders.


SSL Connections

We only serve our pages over SSL.

This ensures that the communications between our servers and your devices are secured and not tampered with by third parties. Combined with our encryption, Cryptee also protects you from Man-in-the-Middle (MITM) attacks.


Based in Estonia

We are incorporated in Estonia.

Famously named "the most advanced digital society in the world" by Wired, Estonia is leading a technological revolution at the state level.

This means we are based outside of U.S. and 14 Eyes jurisdiction. We can only disclose your (very limited and encrypted) data to third parties if there's an Estonian court order.


Easy to use

The greatest weakness in most security systems is the human factor.

We strongly believe that security and privacy should be easy to use. Ideally, security is so easy that it's invisible to the user.

We designed Cryptee with this in mind. There is nothing to install, no encryption keys to manage, and no confusing user interfaces.