Conventional password manager
- Create a provider account
- Create and remember a master password
- A permanent encrypted vault is maintained by the provider
- Devices synchronize through the vendor’s vault service
A fundamentally different secret vault
No MystSafe user account required. No memorized master password needed. No central vault held by MystSafe.
Free for individuals—at home or at work.MystSafe Private & Family stays free after beta.
Beta is coming soon
Your LaptopLocal encrypted vault
Your Cloud StorageSigned, encrypted updates
Your PhoneLocal encrypted vault
Only your devices can decrypt the vault
Your storage provider cannot read the vault
Your devices decide which updates are trusted
A different custody model
Conventional password managers keep a permanent encrypted vault under the provider’s custody. MystSafe keeps the vault on your trusted devices and uses external storage only to move signed, encrypted updates.
This comparison describes the conventional centralized-vault model. Individual products may use different implementation details.
Your first local vault
No registration form. No MystSafe login. No master password to remember.
This initial local-vault flow is planned for the upcoming beta.
No registration.
No email address.
No MystSafe account.
Keys are generated locally.
Use Face ID, Touch ID, a device passcode, or macOS authentication.
Scan a short-lived, single-use QR code.
The new device creates its own keys.
Existing-device private keys are never transferred.
Encrypted updates synchronize across trusted devices.
Your devices verify what they receive.
Device-controlled architecture
There is no MystSafe-operated sync backend. MystSafe connects directly to storage you choose.
GitHub is the MVP sync provider. It carries encrypted and signed synchronization data, but it does not hold the keys needed to unlock your MystSafe vault. Additional providers are planned.
Hybrid post-quantum design
MystSafe combines standardized post-quantum algorithms with established classical cryptography, so confidentiality and authenticity do not depend on a single cryptographic family.
Explore the cryptographic architecturePost-quantum layerLattice-based protection
Classical layerEstablished cryptography
One authenticated envelopeEncrypted device-to-device update
Control stays with you
No MystSafe sign-up, username, email address, or permanent MystSafe identity is required for the free personal vault.
Vault access is authorized locally through a trusted device and its normal user-presence controls.
MystSafe does not permanently hold your encrypted vault in a centralized vendor database.
Your storage provider moves encrypted updates. Your devices decide what is trusted.
MystSafe Private & Family
Use MystSafe for personal, family, freelance, and individual professional work at no cost.
MystSafe Pro will add advanced capabilities, organization-level controls, and corporate support. Pro is an optional feature and support upgrade—not a requirement simply because you use MystSafe for work.
Architecture transparency
MystSafe explains where keys live, what storage providers can observe, and which checks every device performs before trusting an update.
Private by design. Transparent by default. Controlled by your devices.