Encrypted in your browser
Mail and files are encrypted on your device before they leave it, using modern elliptic-curve encryption. We move the data — we can never read it.
End-to-end encrypted email & storage
Confidesk encrypts your mail and files in your browser, on your device. The server only ever holds scrambled data — so nobody else can open it. Not even us.
Decrypted just for you, in this browser. No tracking pixels loaded — opening this told the sender nothing.
Why Confidesk
Most email asks you to trust the provider with everything. Confidesk is built so that trust isn't required — your data lives on our servers as scrambled gibberish, and the keys never leave your device.
Mail and files are encrypted on your device before they leave it, using modern elliptic-curve encryption. We move the data — we can never read it.
Your key is unlocked in memory, only while you're signed in, only by a passphrase that never leaves your device. There is no reset and no back door.
Messages open as plain text by default and remote content stays blocked, so reading a message tells the sender nothing — no read receipts, no tracking pixels, no hidden code.
Share a contact form so anyone can send you an encrypted message — no account needed — and use Secure Send to deliver a one-time encrypted message to anyone, anywhere.
More than email
Mail is just the start. The same encryption protects your files, passwords, and conversations — all readable only by you.
Send and receive mail encrypted to your key — readable only by you, on your device.
Keep documents in encrypted storage — decrypted only when you open them, in your browser.
A built-in KeePass (.kdbx) manager for your passwords — the same file opens anywhere.
End-to-end encrypted one-to-one and group chat — sealed separately for each person.
Open PDFs, documents, images, and video inside a sealed frame — nothing runs, nothing tracks.
Advanced accounts run several of your own identities, aliases, and custom domains.
Signing in
Every sign-in uses a login code we email you and a passphrase we never see. One proves it's you; the other unlocks your key — right in your browser. Prefer an authenticator app? Use any TOTP app in place of the emailed code.
You start the sign-in from any device, any browser.
A short, one-time code goes to your external address — proving you control it.
Your encrypted key reaches your browser and your passphrase unlocks it, in memory only.
Your passphrase decrypts your key on this device. We never receive it.
Unlock held in memory only · erased on sign out
The test that proves it
Confidesk can't recover yours — and that's the proof. No reset link, no recovery code, no back door: your passphrase is the only key, and it lives in exactly one place, your memory. That's the trade for data only you can read. Want certainty over a promise? You can even remove your key from our servers entirely and provide it yourself at each sign-in.
Built on one rule
Anything that would need a machine other than yours to read your mail is something Confidesk deliberately won't do. That rules out a few features you might expect — because offering them would break the whole promise.
We can't read your mail to index it. A search would mean decrypting your whole mailbox in your browser — we may add a limited in-browser version later.
Both would need our servers to read each message. You forward and organise yourself, in your browser, where your mail is decrypted only for you.
Accounts are for one person. Sharing a mailbox would mean handing over a key only you control. One Advanced account can hold many of your own identities — never someone else's.
The difference
Confidesk for desktop
A native app for macOS, Windows, and Linux — a fully PGP-compatible email client that keeps working with no connection. Add your own IMAP and POP mailboxes, and everything stays stored encrypted, locally on your device.
Pricing
Prices shown in USD · your exact local-currency price is shown before you commit · email is mostly text, so storage goes far — add more anytime in 1 GB steps.
FAQ
Your key only lives in your browser's memory, and only while a page is open. Anything that reloads the page — a refresh, or returning from a payment — throws that memory away, so the app has to unlock your key again. Being asked is the security working as intended, not a sign anything is wrong. It usually isn't a full new sign-in, just your passphrase.
Your data is gone — there is no reset link, recovery code, or support process that can open it, for you or for us. We can't read your data, so we can't restore it. Store your passphrase somewhere safe and durable; treat losing it like losing the only key to a vault.
Yes, at registration. Choose "Use my own keypair" and upload a standard (v4) Curve25519 key — an ed25519 signing key with a cv25519 encryption subkey, protected with a passphrase. RSA and NIST-curve keys aren't accepted. A key can't be swapped later, since your data is encrypted to it.
On a browser you own and keep locked, you can mark it trusted so Confidesk signs you in without asking for your passphrase each time. It stores your key encrypted on that device for about a month, then asks again. Never trust a shared or public computer — anyone who can use an unlocked trusted device could read your mail.
No — and that's deliberate. A native app would have to go through Apple's and Google's stores on their terms. We'd rather not put your data's security in a process we don't fully control, so we give you a mobile-friendly interface in your phone's browser, with the same encryption and guarantees.
No. Confidesk protects the contents of your data absolutely — nobody but you can read it. But your account is tied to a real external email and a one-time payment, so it isn't designed to hide who you are. It keeps what you write private; it doesn't promise to hide that you exist or who you talk to.