Noteqo
The sovereign workspace suite

Your entire workspace. Encrypted. Local. Yours.

Notes, chat, calls, mail, files and on-device AI — one suite, end-to-end encrypted, built on a server that can’t read a single word. Works offline, syncs everywhere, self-hosts anywhere.

  • Zero-knowledge
  • Local-first
  • On-device AI
  • Self-hostable

One suite, six tools

Everything your team runs on — under one key

Stop stitching together five subscriptions that each read your data. Noteqo replaces them with one encrypted workspace.

Docs & databases, Notion-style

A block editor with 30+ block types, inline databases, live multiplayer cursors and version history — every keystroke encrypted before it leaves your device.

  • Databases with table, board, gallery and list views
  • Real-time co-editing with per-block comments
  • Automatic version snapshots you can time-travel

Built different, on purpose

Privacy isn’t a feature tier here — it’s the architecture. Everything below falls out of that one decision.

  • On-device AI

    Generation runs in your browser over WebGPU or as native models on desktop. Your prompts, notes and drafts are never someone else’s training data.

  • Works fully offline

    Local-first storage means the app is whole without a connection. Changes merge conflict-free when you’re back.

  • Private by default

    Notes and files start visible only to you. Share with people, teams or everyone — view or edit, your call.

  • Search that stays home

    Full-text search across everything, indexed entirely on your device.

  • Teams & permissions

    Group members into teams, share in bulk, and gate admin powers by capability.

  • Leave anytime

    One encrypted backup file restores your whole workspace on a fresh device.

  • Self-host the whole suite

    API, sync, calls and mail run on your own boxes. Your company’s knowledge never has to leave infrastructure you control.

Zero-knowledge by design

The server holds your data, never your keys

Every key is derived and used on your device. What the server stores is mathematically unreadable — here’s the actual chain.

  1. Your password + 24 words

    Identity starts from a password and a 24-word recovery phrase — or a passkey, so you never hand-keep the phrase.

    argon2id(password) → vaultKey
  2. Keys derived on-device

    Signing and encryption keypairs are generated client-side and locked with your vault key before anything is stored.

    ed25519 · x25519 · AES-256-GCM
  3. Wrapped per member

    Each space key is encrypted to every member individually. Access is cryptographic, not a permission flag.

    wrap(spaceKey, member.pubKey)
  4. Server sees ciphertext

    Notes, messages, files, mail — all sealed before upload. A full server breach leaks nothing readable.

    9f2c…e81b — opaque bytes

  • Encryption you can’t misconfigure

    There is no “enable encryption” toggle to forget — plaintext storage simply doesn’t exist in the system.

  • Passkey recovery

    Enroll a passkey and recover your account with your device’s biometrics — the recovery phrase becomes optional to keep on paper.

  • Private version history

    Time-travel through encrypted snapshots of any doc with the same zero-knowledge guarantee.

  • Admin without backdoors

    Org owners can provision and recover managed members using their own custody key — the host stays blind throughout.
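
Step 3's `wrap(spaceKey, member.pubKey)`, sketched as an added example that is not Noteqo's code: it assumes Node.js's built-in `crypto` module and one common construction (ephemeral X25519 agreement, HKDF-SHA256, AES-256-GCM), which the page does not confirm. The function names, the `INFO` label and the demo members are hypothetical.

```javascript
// Added example (constructed, not Noteqo's code): per-member space-key wrapping.
const crypto = require('node:crypto');

const INFO = Buffer.from('example-space-key-wrap-v1'); // hypothetical context label

// Turn an X25519 shared secret into a one-time AES-256 key-encryption key.
function deriveKek(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

// wrap(spaceKey, member.pubKey): seal the space key to exactly one member.
function wrap(spaceKey, memberPubKey) {
  const eph = crypto.generateKeyPairSync('x25519'); // fresh key per wrap
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = crypto.randomBytes(12);
  const kek = deriveKek(eph.privateKey, memberPubKey, ephPub);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(spaceKey), cipher.final()]);
  return { ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the space key, or null when the private key is not the recipient's
// or the stored blob was modified (the GCM tag check fails in both cases).
function unwrap(blob, memberPrivKey) {
  const ephKey = crypto.createPublicKey({ key: blob.ephPub, type: 'spki', format: 'der' });
  const kek = deriveKek(memberPrivKey, ephKey, blob.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  } catch {
    return null;
  }
}

// What a server would hold: one wrapped copy per member, never the key itself.
function shareSpace(spaceKey, members) {
  const stored = {};
  for (const [name, pubKey] of Object.entries(members)) stored[name] = wrap(spaceKey, pubKey);
  return stored;
}

// Constructed demo: two members and one outsider.
const [alice, bob, outsider] = [0, 1, 2].map(() => crypto.generateKeyPairSync('x25519'));
const spaceKey = crypto.randomBytes(32);
const stored = shareSpace(spaceKey, { alice: alice.publicKey, bob: bob.publicKey });
console.log('alice unwraps:', unwrap(stored.alice, alice.privateKey).equals(spaceKey));
console.log('outsider unwraps:', unwrap(stored.alice, outsider.privateKey) !== null);
```

Deleting a member's wrapped copy only stops later unwraps from stored data; a member who has already unwrapped the key still holds it, so removing someone means generating a new space key and wrapping it to the remaining members.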

Native everywhere you work

One encrypted workspace across every screen — and three modes: fully local, personal sync, or full team collaboration.

  • Web & PWA

    Runs in any modern browser; install it like a native app in one click.

  • Desktop

    Mac, Windows and Linux app with bundled native AI models — Gemma-class, offline.

  • iOS & Android

    Native mobile apps with biometric unlock and call notifications.

  • Your servers

    Self-host the entire suite — API, sync, calls and mail — on your own hardware.

Own your data in four steps

No setup theatre — you’re writing securely in under a minute.

  1. Create your vault

    A password and a 24-word recovery phrase derive your keys on-device. That’s the whole identity setup.

  2. Work offline or in sync

    Write notes and docs that save instantly and locally, then sync seamlessly across your devices.

  3. Invite your team

    Share spaces, channels and files. Keys are wrapped per member, so access is cryptographic — not just a permission flag.

  4. Keep control

    Self-host on your own VPC or export an encrypted backup anytime. Your workspace is portable and yours.

Stop renting your workspace

Notes, chat, calls, mail, files and AI — encrypted end to end, running wherever you say. Your team’s second brain shouldn’t live in someone else’s.