Your keys stay on
your side.

A local-first vault for seeds, credentials, and files. Encrypted before anything leaves your device. No cleartext on our servers — by design.

Create account Login Get it on Android

Desktop and Android cover native surfaces; the web app handles account sign-in, billing, and hosted tools.

Foundation

One product. Three hard rules.

01 — Local core

Your master secret stays on hardware you control. We never see your passphrase in the clear.

02 — Proven crypto

AES-256-GCM, strong KDF, optional Shamir recovery — the same engine family that powers our container format.

03 — You decide

Self-host, stay offline, or add encrypted sync later. The base product works without a subscription.

Clients

Desktop and mobile

SafeKey ships as a local-first vault on phone and as a native Windows shell around the same hosted web experience you use in the browser. Pick the surface that fits how you work; cryptography and container formats stay aligned across clients.

Windows

Desktop app

A Tauri 2 desktop shell for Windows (x64). It opens the live SafeKey web app inside a native window with WebView2, so registration, login, dashboard, and Stripe Checkout behave like the browser session you already trust.

  • Installer-based setup (NSIS); runs with normal user privileges under your profile.
  • Startup language selection aligned with the web app locales, then opens /app on the deployed host.
  • Checkout and subscription flows run in the embedded session — no separate desktop payment stack.
  • Ideal when you want a dedicated window and taskbar presence instead of a browser tab.

Distribution is via AlfaNest release channels or your own deployment bundle — point the shell at the same origin as your hosted SafeKey web deployment.

Open in web Download for Windows
Android

Android app

Built with React Native and Expo. The mobile client focuses on offline-capable vault operations: unlock, items, container crypto, export and import, and NFC tag workflows where supported.

  • Local-first: core vault use does not depend on a running sync API on the phone.
  • Onboarding, SafeKey crypto screens, and NTAG-oriented flows ship in the app bundle.
  • Account-backed sync and billing continue to converge on the web stack when you connect.
  • Google Play listing is staged; sideload and internal builds remain typical during rollout.

Use Metro during development on the same LAN as your machine; production builds follow Expo / EAS conventions.

Google Play
Reality, not marketing

What we ship first

Surface
Android vault, Windows desktop shell, web account & billing
Web
Account tools & sync when Pro goes live
Hardware
NFC card as second factor (after mobile core)
Roadmap
Heritage Pack: Dead Man's Switch & Shamir custodian invite
Get started

Not another cloud password app.

Encrypted vault, optional NTAG second factor, and cross-device sync — built the AlfaNest way.

Create account Login

Docs Contact AlfaNest Labs platform

Stack

Built with

React Native Expo Next.js Fastify PostgreSQL Stripe Tauri 2 AES-256-GCM Argon2id Shamir SSS NTAG NFC JWT TOTP / 2FA