Krytz reads everything you put into it — voice notes, contracts, half-finished thoughts. That sets a higher bar for how it's stored, transmitted, and processed than most productivity tools live up to.
Your data is encrypted client-side with keys you control. We can't read it, even in our own logs. AES-256 + per-record envelope keys.
Your captures, decisions, and recall queries are never used to train any model — ours or anyone else's. Contractual + technical.
One-click export to Markdown + JSON. Bring it all over to a competitor in under 60 seconds if Krytz isn't for you.
Delete your account → 30-day grace period → cryptographic erasure. Verified by an internal cron job we publish quarterly.
EU, US-East, US-West. Choose at signup. Teams plan: pin to a specific region with no cross-replication.
Every priority change, every connected app write, every retention event — append-only log you can replay at any timestamp.
Voice, text, image — initial extraction runs on-device with the local model. We never see the raw fragment unless extraction needs deeper inference. Privacy budget: ~95% of captures handled locally.
Everything leaving your device travels over TLS 1.3 with certificate pinning. Connections are validated against our published cert chain — no MitM-by-proxy.
If cloud-side inference is needed, the fragment is processed in a memory-encrypted enclave. Compute is ephemeral — the workload dies, the result is encrypted with your envelope key, and the raw input is purged.
Each record is AES-256-GCM encrypted with a per-record envelope key, which is itself encrypted with your master key. We literally cannot decrypt your records without you being present.
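The per-record envelope scheme described above, sketched as an added example (not Krytz's code) using Node's built-in `crypto` module. The function names, the stored record layout, and the use of the record ID as associated data are assumptions made for illustration.

```javascript
// Added illustration, not Krytz code; all names here are hypothetical.
const nodeCrypto = require("node:crypto");

// AES-256-GCM seal. Output layout (assumed): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce on every call
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Inverse of seal; throws if the key, AAD, tag or ciphertext do not match.
function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Encrypt one record under a fresh data key, then wrap that key with the master key.
function encryptRecord(masterKey, recordId, plaintext) {
  const aad = Buffer.from(recordId); // binds both blobs to this record
  const dataKey = nodeCrypto.randomBytes(32);
  const stored = {
    recordId,
    wrappedKey: seal(masterKey, dataKey, aad),
    body: seal(dataKey, Buffer.from(plaintext), aad),
  };
  dataKey.fill(0); // best-effort wipe of the plaintext data key
  return stored; // everything a server would need to hold
}

function decryptRecord(masterKey, stored) {
  const aad = Buffer.from(stored.recordId);
  const dataKey = unseal(masterKey, stored.wrappedKey, aad);
  try {
    return unseal(dataKey, stored.body, aad).toString("utf8");
  } finally {
    dataKey.fill(0);
  }
}

// True when decryption is refused (wrong key, swapped record ID, tampering).
function rejects(masterKey, stored) {
  try { decryptRecord(masterKey, stored); return false; } catch { return true; }
}
```

The stored object contains only the wrapped key and the ciphertext, so without the master key neither can be opened. Discarding the master key or the wrapped key leaves the body undecryptable, which is the general idea behind cryptographic erasure.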
Internal access requires a signed JIT request. Logs are append-only, replicated, and surface to your audit feed within 60 seconds. You see us looking at your data, not the other way around.
In progress · audit period started Q2 2026. Report by Q4.
Compliant. DPA available on request.
Compliant. California residents: see Privacy.
Planned · Q3 2026. Required for healthcare verticals.
Aligned. Formal certification pursued Q1 2027.
Quarterly · last conducted by Trail of Bits, April 2026.
Active program · payouts up to $25k. Hall of fame public.
99.95% on Pro / 99.99% on Teams. Public status page.
| Vendor | Purpose | Data class | Region |
|---|---|---|---|
| AWS | Primary infrastructure | Encrypted records | EU / US-East / US-West |
| Cloudflare | Edge & DDoS protection | TLS pass-through only | Global |
| Anthropic | AI inference (extraction only) | PII-stripped fragments · 0-retention | US |
| AI provider | Embeddings · semantic recall | Hashed text · 0-retention | US |
| Payment provider | Payments | Billing info only · no app data | Vendor-managed |
| Postmark | Transactional email | Email + magic links only | US |
| Sentry | Error reporting | Stack traces · scrubbed | EU |
↳ Updated 2026.05.14. Material changes notified 30 days in advance.
If you've found a security issue in any Krytz surface — web, mobile, the connected app spec, or our infrastructure — please reach out before posting publicly.
We respond within 24 hours, ship fixes for critical issues within 72 hours, and credit you (if you'd like) on our hall of fame.
security@krytz.com