← Back to apps
Cryptomator logo

Encryption

Cryptomator

Client-side

tool for with transparent integration

Privacy score 89 Free Technical: Intermediate Open source
Visit website

Cryptomator offers a privacy-conscious alternative in the

space, with a stronger focus on data protection than many mainstream tools.

Desktop Mobile

Who is this for?

Good for you if:

  • You want to encrypt files before uploading to (Dropbox, Google Drive, etc.)
  • You need AES-256 for file contents and filenames
  • You prefer open-source solution
  • You want transparent integration (works like a USB drive)
  • You need that works with any service

Think twice if:

  • You need for files on your local computer (only encrypts for cloud)
  • You want automatic cloud sync with (requires manual mounting)
  • You need the simplest setup
  • You want (timestamps, file sizes not encrypted)
  • You need offline-only (designed for )

Overview

Cryptomator implements client-side encryption

for cloud storage using AES-256 encryption with 256-bit keys. The master key is derived from the user password using scrypt key derivation function with configurable parameters. The master key never leaves the device and is never transmitted to cloud storage services. File names are encrypted using AES-256-SIV mode. Each file has its own encryption key derived from the master key and file ID. All encryption and decryption operations happen on the client device before files are uploaded to cloud storage. Cryptomator creates encrypted vaults that appear as regular folders to cloud storage services. The application is open source (GPL-3.0) and maintained by Skymatic.

Privacy highlight

Client-side

for with zero-knowledge architecture. Your cannot access your encrypted files.

Quick facts

Country:
🇩🇪 Germany
Pricing:
Free
Platform:
Desktop, Mobile
Technical:
Intermediate
:
Yes
:
No telemetry
:
Yes
Open-source status:
Fully open source
:
Yes
:
Yes

Key features

  • Tool for encrypting your files.
Security & encryption Click to expand
Yes
Encryption protocols
AES-256
Cryptomator uses AES-256 with 256-bit keys for . The master key is derived from the user password using scrypt key derivation function with configurable parameters. The master key never leaves the device and is never transmitted to services. File names are encrypted using AES-256-SIV mode. Each file has its own key derived from the master key and file ID. All and decryption operations happen on the client device before files are uploaded to .
Offline support
Yes
Telemetry & tracking Click to expand
No telemetry
No
Ip no
Cryptomator does not collect data. The application operates entirely locally and does not connect to external services for or . Cryptomator does not transmit data to external servers. The application processes and decryption locally on the user's device. All operations happen offline without any data transmission.
Jurisdiction & compliance Click to expand
Cryptomator is maintained by Skymatic, which is based in Germany. However, since Cryptomator encrypts files locally and stores them in the user's cloud storage service, Skymatic does not have access to user data. Encrypted vault data is stored in the user's chosen cloud storage provider (Dropbox, Google Drive, etc.), so data residency depends on the cloud provider.
Cryptomator does not retain data on external servers. All encrypted vault data is stored in the user's service (Dropbox, Google Drive, etc.) - Cryptomator does not have access to this data. The application does not transmit data to Cryptomator servers. Users have complete control over through their provider. Cryptomator does not require any cloud services or accounts.
Legal frameworks
GDPR (where applicable). Cryptomator is maintained by Skymatic, which is based in Germany.
Revenue sources
Donations, Enterprise
Editorial signals Click to expand
89
Trust score
87
Trust breakdown (0–10)
Encryption: 95, Audits: 85, Open source: 95, Telemetry: 100, Jurisdiction: 85, Transparency: 85, Trackers: 100
Editorial notes
Usability: 80, Performance: 85, Family friendly: 75
User experience Click to expand
Signup requirements
No account required for desktop use. Cryptomator desktop application is free and does not require registration. Mobile apps may require purchase but no account is needed. No email or personal information required.
Onboarding difficulty (1-5)
2
Accessibility features
Cryptomator includes accessibility features such as keyboard navigation. The application follows accessibility guidelines. Mobile apps include standard mobile accessibility features.
Backup & portability Click to expand
Yes
Migration tools
Cryptomator supports vault export and file migration. Users can move encrypted vaults between cloud storage services. Vault files can be backed up and restored.
Password recovery is not possible due to zero-knowledge architecture - if you forget your vault password, you cannot recover your files. Users should save their passwords securely. Vault backups should be created through cloud storage provider backup features.

Similar privacy apps

Same category

VeraCrypt

Score 90

VeraCrypt offers a privacy-conscious alternative in the encryption space, with a stronger focus on data protection th...

View details Visit site

Related Guides

Best Apps and Tools for Ultimate Data Protection

Discover the top privacy apps in 2025...

Read guide →

Client-Side Encryption: Cryptomator vs VeraCrypt

Compare Cryptomator and VeraCrypt for client-side encryption. Learn which tool best encrypts your...

Read guide →

Do You Need a VPN in 2025? Threat Models Explained

Learn when you actually need a VPN. Understand threat models, VPN limitations, and when VPNs help...

Read guide →