Keys live on your device
Your private keys are generated on your device and never leave it. The server never sees your private key, cannot decrypt your data, and cannot be compelled to produce plaintext.
Zero-knowledge by design. Server stores ciphertext only.
End-to-end encryption (E2EE) means your data is encrypted on your device and only decrypted on the device of the person you are communicating with. The UltimaOS server only ever sees ciphertext and public keys — it cannot read your messages, files, or calendar.
All chat messages, files, calendar events, and AI conversations are stored on the server as opaque encrypted blobs. Backups are encrypted. Operational logs never contain plaintext.
If the UltimaOS server is compromised tomorrow, the attacker gains access to ciphertext blobs and metadata (who talks to whom, when). They do not gain access to message contents.
Every conversation, file, and calendar event on UltimaOS is encrypted with a symmetric session key derived from an ML-KEM-768 key encapsulation. The result is a zero-knowledge architecture where the server is a dumb pipe for encrypted data.
Each conversation generates a fresh symmetric key. A compromise of one session key reveals only that conversation — never other conversations or the user's other data.
Files are encrypted with their own random symmetric key, then that file key is encapsulated to each recipient with their ML-KEM-768 public key. Revoking a recipient is a re-encryption, not a deletion.
When a member joins or leaves a group, the group symmetric key is rotated and re-encapsulated to the new membership. Old members lose access; new members gain it without breaking the rest.
UltimaOS uses a 3-of-5 social recovery scheme: a member's encrypted history can be reconstructed with the cooperation of three trusted contacts. Recovery does not weaken the cryptography — it uses secret sharing over the user's encrypted keys.
Workspace admins cannot read encrypted content. They can remove members, change roles, and access workspace-level metadata — but they cannot decrypt messages or files.
A subpoena or court order can compel UltimaOS to hand over encrypted blobs. The encrypted blobs are useless without the user's private key, which UltimaOS does not possess.
Because the server cannot see content, it cannot moderate content. UltimaOS relies on user-driven abuse reports and proactive workspace admin moderation rather than server-side content scanning.
The UltimaOS clients are open source. Independent researchers can audit the E2EE implementation end-to-end, from key generation through encrypted transport through local storage.
End-to-end encryption (E2EE) is a cryptographic architecture where data is encrypted on the sender's device and only decrypted on the recipient's device. The service provider in the middle stores ciphertext only and has no key to decrypt it. (EFF Surveillance Self-Defense)
No. The server stores ciphertext and the public keys of users. It does not have the private keys needed to decrypt content. This is verifiable in the open-source clients.
No UltimaOS staff member has the technical ability to read your encrypted data. There is no master key, no backdoor, and no override mechanism. This is verified by the open-source client code.
Yes. The cryptographic design is zero-knowledge with respect to the server: the server has no information about content beyond opaque ciphertext and minimal metadata needed for delivery.
Yes. The UltimaOS clients are open source. The cryptographic stack is described in detail in the whitepaper. Independent audits are performed annually and the reports are published on the security page.
AI inference runs on EU infrastructure under UltimaOS control. Prompts and responses are encrypted end-to-end like any other conversation. The AI provider (OpenAI, Anthropic, self-hosted) sees the prompt in plaintext only during inference, never at rest.
UltimaOS uses a 3-of-5 social recovery scheme. The user designates five trusted contacts; any three can reconstruct the encrypted key material needed to access the user's history on a new device. No single contact can decrypt alone.