Status: Pre-Alpha / In Development

Encryption, Unshackled.

The upcoming open-source fork of Cryptomator designed for total transparency. We are currently testing our build pipeline and preparing the initial source release.

Public testing phase scheduled for Late 2024

Build-Friendly

We've restructured the build system (Maven/JDK) to be truly "checkout and run." No hidden keys or complex environment setups required.

UX Refinements

Includes community patches that haven't made it upstream yet: denser file lists, improved dark mode contrast, and reduced memory footprint.

Telemetry Free

We have stripped out all crash reporting and update checks that connect to external servers. Your usage data stays on your machine.

True "Verify Then Trust"

The original app is open source, but building it can be a headache. We are working to ensure that when we launch, if you can't easily build it, you shouldn't trust it.

Note: The build process below is a preview of our target workflow.

Single-script compilation for Linux, Windows, and macOS.
Reproducible builds: What you build is what we ship.
Dependencies pinned and vendored where possible.

Read the build docs

bash

1 # Repo coming soon...

2 git clone https://github.com/libre-crypto/app.git

3 cd libre-cryptomator

4 # The magic happens here:

5 ./build.sh --release

[INFO] Building LibreCryptomator v1.7.0
[INFO] Downloading dependencies...
[INFO] Compiling modules...
[SUCCESS] Build complete! Binary located in /dist

Why the Fork?

Feature	Original	Libre Fork
Encryption Engine	AES-256	AES-256
Build Complexity	High (Complex Env)	Simplified
Auto-Updater	Included	Removed (Privacy)
Signing Keys	Company Only	Community/Self
UI Performance	Standard	Optimized

* We maintain full compatibility with existing Cryptomator vaults. You can switch back and forth safely.

Privacy Policy

Policy Status: Active as of Nov 2024. This policy strictly prohibits the sale or misuse of user data.

1. Google User Data Access & Collection

LibreCryptomator is a "local-first" application. However, if you explicitly choose to connect a Google Drive account to sync your vaults, the application interacts with the Google Drive API. We collect and process the following data solely on your local device:

Authentication Tokens: OAuth2 access and refresh tokens to verify your identity with Google.
File Metadata: Names, sizes, and modification timestamps of encrypted files (specifically `.c9r` files and directory IDs) to facilitate synchronization.

2. Use of Google User Data

We use the data collected from Google services strictly to provide the application's core functionality:

To authenticate your session with Google Drive.
To list, upload, download, and delete encrypted vault files as directed by you.

Strict Prohibition: We do NOT use your Google user data for targeted advertising, credit-worthiness assessment, lending purposes, AI model training, or personalized advertisements.

3. Data Sharing & Disclosure

We do not transfer, share, or sell your Google user data to any third parties, data brokers, or information resellers. All data processing occurs locally on your machine. No "phone home" requests are made to our servers for analytics or usage tracking.

4. Data Protection Mechanisms

We employ industry-standard security measures to protect your data:

Encryption in Transit: All communication with Google APIs occurs over HTTPS/TLS.
Encryption at Rest: Authentication tokens are stored in your operating system's secure keychain (e.g., Windows Credential Manager, macOS Keychain, or Gnome Keyring).

5. Data Retention & Deletion

Retention: We retain your authentication tokens only as long as you remain signed in to the application on your device.

Deletion: You may delete this data at any time by:

Clicking "Remove Account" or "Sign Out" within the application settings.
Revoking the application's access via your Google Account Permissions page.

Upon these actions, the tokens stored locally on your device are immediately deleted.