Zum Inhalt springen
Unabhängig verifiziert · Quartalsweises Re-Audit
EU VETTED

Cryptee

VERIFIZIERT
Dateifreigabe · Estonia
Gegründet 2018 · crypt.ee ↗

Estonian-incorporated zero-knowledge encrypted photos / notes / docs PWA (Cryptee, 2018, John Ozbay), bootstrapped, open source.

Kurzfassung

Cryptee aus der Kategorie Dateifreigabe bietet EU-Hosting mit Estonia als Hosting-Standort, doch ein US-Mutterkonzern oder Unterauftragsverarbeiter hinterlässt ein materielles CLOUD-Act-Risiko.

Bewertungsnotizen

Cryptee (Tallinn, Estonia; founded June 2018 by John Ozbay) is a 100% bootstrapped Progressive-Web-App for zero-knowledge encrypted notes, documents, journals, photos, and files: AES-256 client-side encryption before data leaves the device, fully open source for public audit, Estonia is outside the 14-Eyes intelligence-sharing arrangement, and no VC/PE involvement on the cap table; however the verified sub-processor list (2026-06) shows the primary host is Google Cloud (a US-owned hyperscaler), with Cloudflare, Stripe and Sentry also US, so CLOUD Act exposure is material on a structural reading, though client-side AES-256 encryption means Google stores only ciphertext and Cryptee holds no keys; EU-owned with open-source clients, but no public DPA (the /help/privacy and /help/terms paths return 404; no DPA document exists on the public site), the key documentation gap for procurement buyers.

CLOUD ACT
OWNERSHIP
SUB-PROCS
5 · 4 US
Geprüfte Signale
Jurisdiktion
  • EU-/Angemessenheits-Hosting
  • EU-/Angemessenheits-Betreiber
  • Keine US-CLOUD-Act-Exposition
Transparenz
  • Öffentlicher AVV
  • Unterauftragsverarbeiter offengelegt
  • Open-Source-Clients
  • Zertifizierung durch Dritte
JUMP TO
OVERVIEW

Über Cryptee

Cryptee is an Estonian-incorporated privacy-first Progressive Web App for encrypted photos, documents, notes, journal entries, files, and personal media, founded on 1 June 2018 by John Ozbay (a cybersecurity researcher, designer, and privacy activist based in Tallinn) and 100% bootstrapped with no outside investment. The product is engineered as a Google Photos / Google Docs / iCloud Photos / Evernote replacement for users who specifically want their cloud data to be unreadable to anyone except themselves: every document, note, photo, and file is encrypted client-side with AES-256 before it leaves the device, and Cryptee mathematically cannot read the content. The source code is open and publicly available for independent audit. Cryptee positions itself as particularly relevant for victims and survivors of domestic abuse, journalists and reporters, and activists: users whose threat model assumes the cloud provider could be coerced.

For an EU-sovereignty audit Cryptee is structurally exemplary. Estonia is an EU member with a long-standing reputation for digital infrastructure and e-Residency, and crucially Estonia is outside the Five-Eyes / Nine-Eyes / Fourteen-Eyes intelligence-sharing arrangements, a positioning argument the vendor makes explicitly. Combined with zero-knowledge encryption, AGPL-style code openness, and a bootstrapped cap table with no US capital, Cryptee delivers an exceptionally clean EU-owned, EU-hosted, no CLOUD Act exposure posture. Privacy advocacy partnerships include the Electronic Frontier Foundation (EFF) and Privacy International. As a small solo-led operation, Cryptee does not pursue formal ISO 27001 / SOC 2 attestations.

Pricing in EUR: Free tier (limited storage); €3/month (Plus); €9/month (Pro); €27/month (Studio); annual discounts available. No SSO, audit log, or on-prem options at this scale. Best fit: individual privacy-conscious users, journalists, activists, NGOs, and small teams whose threat model demands true zero-knowledge encryption and minimal regulatory surface area. Procurement-grade enterprise buyers with SSO/audit/compliance documentation needs should choose Proton Drive or Tresorit instead.

SUB-PROCESSORS

Unterauftragsverarbeiter-Karte · 5

Quelle ↗
  • Cloudflare Portugal, Unipessoal Lda. US
    Portugal

    CDN and security services

  • Google Ireland Ltd. (Google Cloud Platform) US
    Ireland

    Cloud infrastructure / data storage and hosting (primary host)

  • Sentry Software Netherlands B.V. (Sentry.io) US
    Netherlands

    Error collection and reporting

  • Stripe.com US
    United States

    Payment processing (subscriptions after 2021-02-21)

  • Paddle.com Market Ltd non-US
    United Kingdom

    Payment processing (subscriptions before 2021-02-21)

4 von 5 Unterauftragsverarbeitern sind in den USA registriert. CLOUD-Act-Risiko anwendbar.
CERTIFICATIONS

Rahmenwerke & Zertifizierungen · keine gelistet

Wir haben die Website des Anbieters und die Register der Zertifizierungsstellen geprüft. Keine aktiven Zertifizierungen gefunden zum Zeitpunkt der letzten Prüfung (2026-05-18).
FEATURES

Funktionsmatrix

Kostenloser Speicher 0.1 GB
Bezahlter Speicher (ab) 10 GB
Fotosynchronisierung Nein
Link-Freigabe Ja
Plattformen iOS Android Web
INTEGRATION & ZUGRIFF
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Preise & Tarife

FREEMIUM
ab €3/Monat
Preisseite ansehen ↗
PUBLIC DOCUMENTS

Öffentliche Dokumente

Anbieter veröffentlicht keinen öffentlichen AVV. Ohne öffentlich zugänglichen Auftragsverarbeitungsvertrag können kleine EU-Kunden den Verarbeitervertrag nicht selbst abschließen. Dies wird als fehlender öffentlicher AVV vermerkt (siehe So prüfen wir).
  • Auftragsverarbeitungsvertrag (AVV)
    — fehlt
    fehlt
  • Liste der Unterauftragsverarbeiter
    crypt.ee/help…
    Öffnen ↗
  • Nutzungsbedingungen
    crypt.ee/help…
    Öffnen ↗
ALTERNATIVES

Alternativen in dieser Kategorie

Proton Drive
Switzerland · Gegründet 2014
EU-SOUVERäN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE
Tresorit
Switzerland · Gegründet 2011
EU-GEHOSTET

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Öffentl. AVV Subprozessoren Open Source
FROM
€10/Mt.
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Gegründet 1994
EU-SOUVERäN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Öffentl. AVV Subprozessoren Open Source
FROM
€4/Mt.
CLOUD ACT
NONE