One desktop app, installed once, running entirely on your device. Code-signed and reproducible — so you can verify the binary you run matches the public source.
Pre-alpha. The v0.1 spec and threat model are public (still in draft); the desktop client is still in progress. Builds are not yet published for general use — join the GitHub releases to be notified when the first installer lands.
macOS 11 Big Sur or later · Apple Silicon + Intel
Windows 10 build 19041+ for screen-capture exclusion
No screen-capture exclusion on Linux v0.1
The same vault and the same encryption, in your pocket. Native libsodium bindings.
Argon2id parameters tuned per-device so unlock stays affordable on lower-end phones.
Signed and reproducible builds let you check that the app is exactly what we published — one link in the chain, described no more strongly than the threat model allows.
Installers are signed with hardware-backed keys. Your OS confirms the file came from us and was not altered in transit.
Rebuild the public source and get byte-for-byte the same binary. Expected hashes are published with every release.
Auto-update checks signature and hash before any code runs. A failed check is refused — you are never silently downgraded.