Secure multi-user file storage with encryption, fragmentation, and permanent deletion.
Optimized for local workflows — no data leaves the app without your explicit consent.
Get the latest MVP as a Docker image;
more installation options will follow.
Installed on any preferred hardware and works locally with role-based access.
Stored files remain secure and fully protected from external interference.
Isolated
workspace
Works without requiring internet connection.
There is no implicit data traffic or statistics collection.
Protected
storage
Internal storage is strongly encrypted,
fragmented and protected by a secret key.
Role-based
access
Access control is managed through roles with defined
permissions to prevent accidental data loss.
Multi-factor
authentication
Multi-factor authentication with one-time
codes protects all user logins.
Zero audit
surface
No user activity logs are kept, preventing metadata exposure.
Not just storage, a fortress within
Files are encrypted, blended into a single structure, and secured with a key.
Even if the storage is stolen or exposed, the data remains unreadable.
1
Initial uploading
Files are uploaded to internal storage, isolated from the outside.
2
Automated encryption
Encryption occurs automatically for all data kept inside the storage.
3
Block-level fragmentation
Encrypted binary data is segmented into multiple isolated data shards.
4
Random shuffling
Shards are obfuscated, mixed and combined in a unified data structure.
5
Secret key protection
The reverse recovery mechanism is protected by an extractable secret key.
To protect at any cost or destroy forever
All operations rely on a secret key. If it's extracted, access is instantly disabled.
In emergency scenarios, files can be irreversibly wiped to eliminate risk.
Lockdown
mode
An internal application-level lockdown mode safeguards data
from modification or deletion while it is engaged.
Secret key
protection
A single secret key governs access. If extracted, it
instantly locks all data, making it permanently inaccessible.
Irreversible
deletion
File deletion on HDDs and filesystems without copy-on-write
delivers stronger resistance to recovery.
Everything you need, ready to go
Focused on simplicity — with tagging, sorting, and smooth navigation.
No unused features, no added complexity. Just a clean, intuitive tool.
One app that adapts to you
Run it solo, share with a team, or integrate as a secure data node.
Or combine these modes seamlessly to match your workflow.
Standalone
The app can be installed on the personal computer
or laptop and used by a single user.
Teamwork
Multiple approved users can access the app when it
is installed on a device used within a local network.
Repository
Custom client programs or services can utilize the app's
API to save data from multiple sources.
Simple roles, clear permissions
Predefined roles control who can view, add, or edit content.
This protects sensitive data while enabling collaboration.
Reader
Can only view existing data. Cannot create, change or delete anything.
Author
Can view and create data, but cannot change or delete anything.
Editor
Can view, create and change data, but cannot delete anything.
Admin
Any operations on data and service functions are available.
What's under the app hood
The project is based on stable and widely adopted technologies,
making it easy to maintain, extend, and customize when needed.
Powerful
core
Powered by FastAPI to deliver asynchronous performance.
Lightweight
shell
A single-page pattern on React reduces hardware and network load.
High performance PostgreSQL database stores data safely.
From smart core to infinite scale
A microkernel-based foundation with addon support and encrypted data handling — built for flexibility, maintainability, and control.
The app follows a microkernel architecture, where the core
functionality can be seamlessly extended through a hook-based
addon system, allowing external modules to interact with
internal functions without modifying the core itself. All data
operations — including encryption, decryption, fragmentation,
and reassembly — are handled exclusively through the repository,
which requires a secret key. This ensures a secure mechanism
for accessing internal data.
One app for every integration
A well-documented public API and full backend reference allow external software
and developers to integrate, extend, and understand the app with ease.
Public API
A complete Public API powered by Swagger makes the app
fully programmable. You can integrate it, customize it,
or build your own frontend:
http://localhost/docs
Documentation
Developer-friendly Sphinx documentation is included,
describing every part of the backend for easy understanding and extension:
http://localhost/sphinx/
Questions and answers
How to extract the secret key?
Secret key management is available under Management > Secret Key.
There you can view the current key and its location, or delete it entirely.
Before deletion, make sure to copy the key to a safe location.
How to restore the secret key?
It cannot be restored if lost. Make sure you have a copy of the secret key stored
in a safe place — losing it means losing access to all data.
How to change the path of the secret key?
The secret key can be stored at any path accessible to the app — for example,
a network folder, USB drive, or any local directory. To change the default
location, update the SECRET_KEY_PATH variable in the .env file,
move the secret key to the new path and restart the app.
How to migrate data between apps?
To migrate data, you'll need three things: the uploaded files, the database
contents, and the secret key. If you're using the Docker version of the app,
uploaded files and the database are stored in the hidden-appdata and hidden-pgdata
volumes. Copy the contents of both volumes and make sure you also have a copy
of the secret key — it's required to access the data after migration.
How does data encryption work?
The app uses AES for symmetric encryption and SHA-256 for integrity verification.
Each file is encrypted using a unique key derived from the master secret key. In addition to files, the contents of the database are also encrypted, including sensitive records and metadata.
The encryption covers both data and structure, preventing analysis of file contents or relationships.
All encrypted data is stored in a unified format and cannot be accessed or restored without the secret key.
How does unrecoverable deletion work?
The app uses the shred
utility to securely delete data by overwriting it multiple times with random bytes.
This makes recovery impossible after deletion. The number of overwrite cycles can be configured
via the APP_SHRED_CYCLES setting in the .env file.
How to integrate the app in existing workflow?
The app provides a public HTTP API and complete documentation.
You can use the API to create, read, update, and delete data, manage files, or trigger specific operations from external systems.
Integration can be performed using any language or tool that supports HTTP requests.
