Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Cryptee

VéRIFIé
Partage de fichiers · Estonia
Fondé en 2018 · crypt.ee ↗

Estonian-incorporated zero-knowledge encrypted photos / notes / docs PWA (Cryptee, 2018, John Ozbay), bootstrapped, open source.

En bref

Cryptee, dans la catégorie Partage de fichiers, propose un hébergement dans l’UE avec Estonia comme lieu d’hébergement, mais une maison mère ou un sous-traitant américain laisse une exposition matérielle au CLOUD Act.

Notes d’évaluation

Cryptee (Tallinn, Estonia; founded June 2018 by John Ozbay) is a 100% bootstrapped Progressive-Web-App for zero-knowledge encrypted notes, documents, journals, photos, and files: AES-256 client-side encryption before data leaves the device, fully open source for public audit, Estonia is outside the 14-Eyes intelligence-sharing arrangement, and no VC/PE involvement on the cap table; however the verified sub-processor list (2026-06) shows the primary host is Google Cloud (a US-owned hyperscaler), with Cloudflare, Stripe and Sentry also US, so CLOUD Act exposure is material on a structural reading, though client-side AES-256 encryption means Google stores only ciphertext and Cryptee holds no keys; EU-owned with open-source clients, but no public DPA (the /help/privacy and /help/terms paths return 404; no DPA document exists on the public site), the key documentation gap for procurement buyers.

CLOUD ACT
OWNERSHIP
SUB-PROCS
5 · 4 US
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Cryptee

Cryptee is an Estonian-incorporated privacy-first Progressive Web App for encrypted photos, documents, notes, journal entries, files, and personal media, founded on 1 June 2018 by John Ozbay (a cybersecurity researcher, designer, and privacy activist based in Tallinn) and 100% bootstrapped with no outside investment. The product is engineered as a Google Photos / Google Docs / iCloud Photos / Evernote replacement for users who specifically want their cloud data to be unreadable to anyone except themselves: every document, note, photo, and file is encrypted client-side with AES-256 before it leaves the device, and Cryptee mathematically cannot read the content. The source code is open and publicly available for independent audit. Cryptee positions itself as particularly relevant for victims and survivors of domestic abuse, journalists and reporters, and activists: users whose threat model assumes the cloud provider could be coerced.

For an EU-sovereignty audit Cryptee is structurally exemplary. Estonia is an EU member with a long-standing reputation for digital infrastructure and e-Residency, and crucially Estonia is outside the Five-Eyes / Nine-Eyes / Fourteen-Eyes intelligence-sharing arrangements, a positioning argument the vendor makes explicitly. Combined with zero-knowledge encryption, AGPL-style code openness, and a bootstrapped cap table with no US capital, Cryptee delivers an exceptionally clean EU-owned, EU-hosted, no CLOUD Act exposure posture. Privacy advocacy partnerships include the Electronic Frontier Foundation (EFF) and Privacy International. As a small solo-led operation, Cryptee does not pursue formal ISO 27001 / SOC 2 attestations.

Pricing in EUR: Free tier (limited storage); €3/month (Plus); €9/month (Pro); €27/month (Studio); annual discounts available. No SSO, audit log, or on-prem options at this scale. Best fit: individual privacy-conscious users, journalists, activists, NGOs, and small teams whose threat model demands true zero-knowledge encryption and minimal regulatory surface area. Procurement-grade enterprise buyers with SSO/audit/compliance documentation needs should choose Proton Drive or Tresorit instead.

SUB-PROCESSORS

Carte des sous-traitants · 5

Source ↗
  • Cloudflare Portugal, Unipessoal Lda. US
    Portugal

    CDN and security services

  • Google Ireland Ltd. (Google Cloud Platform) US
    Ireland

    Cloud infrastructure / data storage and hosting (primary host)

  • Sentry Software Netherlands B.V. (Sentry.io) US
    Netherlands

    Error collection and reporting

  • Stripe.com US
    United States

    Payment processing (subscriptions after 2021-02-21)

  • Paddle.com Market Ltd non-US
    United Kingdom

    Payment processing (subscriptions before 2021-02-21)

4 sous-traitants sur 5 sont incorporés aux États-Unis. Exposition au CLOUD Act applicable.
CERTIFICATIONS

Référentiels & certifications · aucune répertoriée

Nous avons vérifié le site de l'éditeur et les registres des organismes de certification. Aucune certification active trouvée à la date du dernier audit (2026-05-18).
FEATURES

Matrice de fonctionnalités

Stockage gratuit 0.1 Go
Stockage payant (à partir de) 10 Go
Synchro photos Non
Partage par lien Oui
Plateformes iOS Android Web
INTéGRATION & ACCèS
REST API No
SSO (SAML / OIDC) No
CONFORMITé & GOUVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Tarifs & paliers

FREEMIUM
à partir de €3/mois
Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

L'éditeur ne publie pas de DPA public. Sans contrat de sous-traitance accessible publiquement, les petits clients européens ne peuvent pas signer eux-mêmes l'accord : cela est consigné comme absence de DPA publique (voir Notre méthode).
  • Contrat de sous-traitance (DPA)
    — manquant
    manquant
  • Liste des sous-traitants
    crypt.ee/help…
    Ouvrir ↗
  • Conditions d'utilisation
    crypt.ee/help…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

Proton Drive
Switzerland · Fondé en 2014
SOUVERAIN UE

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

DPA public Sous-traitants Open source
FROM
€4/mois
CLOUD ACT
NONE
Tresorit
Switzerland · Fondé en 2011
HéBERGé UE

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

DPA public Sous-traitants Open source
FROM
€10/mois
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Fondé en 1994
SOUVERAIN UE

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

DPA public Sous-traitants Open source
FROM
€4/mois
CLOUD ACT
NONE