Open app

One vault for all your data.

You shouldn't have to trust a corporation with your passwords, your photos, or your messages. Vitonomi puts you back in control: you hold the keys, you hold the data, on hardware you choose.

Get started How it works

Why it matters

Every service will be breached eventually.

Google, Apple, Meta — every centralised service stores your most private data on servers you don't control, encrypted with keys you don't hold. Breaches are not a question of if, but when. AI is accelerating that timeline.

Credentials, email aliases, photos, and more — encrypted on your device, stored on your terms. Self-hostable. Post-quantum secure. Open source.

Corporate services

  • Your data used for AI training
  • Their keys, their rules
  • Breached when, not if
  • Scattered across providers
  • Locked in, priced up yearly
  • Closed source, trust required

vitonomi

  • Your data on your hardware
  • Your keys, always
  • Zero-knowledge by design
  • One vault for everything
  • Self-hostable, no lock-in
  • Open source, auditable

Day one

Credentials and email aliases. Ready at launch.

  • Credential vault

    A zero-knowledge password manager. Credentials are encrypted client-side and synced across your vaults. No cloud provider ever sees plaintext.

  • Email aliases

    Receive-only aliases at servicexyz@username.vito.gg, or on any custom domain you own. Each alias has its own encryption key. The relay encrypts in RAM, stores nothing, logs nothing.

Photos, videos, documents, and more data types ship in v1.1.

How it works

Vaults, hubs, and clusters.

  1. Encrypt

    All data is encrypted on your device before it leaves. Your vault, your hub, and vitonomi's servers never see plaintext.

  2. Store

    Your vaults — daemons on home servers, a VPS, or any always-on machine — hold the encrypted data. Replication across vaults keeps it safe.

  3. Coordinate

    A hub (hosted by vitonomi or self-hosted) manages vault discovery, cluster membership, and encrypted head pointers. It never touches your data.

Principles

Built around four promises.

  • Zero-knowledge

    Data is encrypted on your device. Vaults store opaque blobs. The hub stores opaque pointers. Nobody in the chain can read your data.

  • Post-quantum

    ML-DSA-65 signatures, ML-KEM-768 key encapsulation, XChaCha20-Poly1305 symmetric encryption. No harvest-now-decrypt-later risk.

  • Self-hostable

    Every component — vault, hub, relay — runs on your own hardware. The hosted service is just one deployment of the same open-source binaries.

  • Open source

    AGPL-3.0. Read every line of code. Fork it. Audit it. Run it yourself.

Our servers never store your data. Not the bytes. Not the metadata. Not the keys.

Dual-key Argon2id, client-side encryption, and post-quantum cryptography end to end. Every vault and hub deployment uses the same zero-knowledge design.

Read the security details

Families and teams

One cluster. Everyone keeps their own keys.

Create a cluster for your family or organisation. The admin invites members and sets per-user quotas, but cannot read anyone's data. Each member holds their own encryption keys — generated on their own device, never shared.

Open source, self-host first

Run every component yourself.

Vitonomi is not a walled garden. The vault daemon, the hub server, and the SMTP relay are all open-source AGPL-3.0 binaries. Deploy them on your hardware and keep zero dependency on vitonomi infrastructure.

Learn about self-hosting Browse the source

Get started

Your data. One vault. Fully encrypted.

Open vitonomi Or self-host