Trust Assumptions

CryptPad is end-to-end encrypted and the server has no access to your data. However, as with any other web application, some entities still need to be trusted in order to guarantee security:

  • Your chosen CryptPad instance to

    • run the same code as the one published on GitHub,

    • not block your network messages, and

    • follow its terms of service and privacy policy.

  • Your collaborators not to forward sharing links to illegitimate third parties.

Under these assumptions you can be sure that it is technically not possible to read or modify your documents by

  • your chosen CryptPad instance,

  • any powerful adversary that can see your web traffic, or

  • any other user.

We maintain a list of public CryptPad instances to let you better decide on whom you want to trust.


CryptPad does only provide a weak form of anonymity. Your chosen CryptPad instance can see your IP address and your "user agent" (browser and operating system).

If you need stronger anonymity guarantees, you can access CryptPad via Tor.

Passwörter für Dokumente und Ordner

Eingeloggte Benutzer

Wenn du den Link zu einem Dokument oder einem freigegebenen Ordner über einen unsicheren Kanal (z. B. E-Mail oder SMS) teilst, könnte jemand den Link abfangen und Zugriff auf deine Daten erhalten. Um dies zu verhindern, können die Eigentümer eines Dokuments oder Ordners ein Passwort hinzufügen.

When you share documents with your contacts and teams directly on CryptPad, communications are encrypted and we assume that you want to give them access. Therefore the password is remembered and sent with the document/folder when you share it. The recipient, or yourself, are not asked for it when they open the document.

Du kannst bei der Erstellung von Dokumenten ein Passwort hinzufügen.

Du kannst im Menü Zugriff ein Passwort hinzufügen oder ändern:

  • Im CryptDrive: Rechtsklick > Zugriff.

  • Werkzeugleiste im Dokument: Zugriff.

Verifying contacts

Eingeloggte Benutzer

To verify a contact's identity, i.e., that a contact belongs to the person you think, you can compare the public signing keys:

  1. Ask your contact to share their public key over a secure channel with you.

  2. If this public key matches the one from your contact's profile page, you can be sure that the contact belongs to the person at the other end of the secure channel.

Self-destructing documents

Eingeloggte Benutzer

Self-destructing documents will be destroyed automatically without the interaction of any user. This ensures that sensitive data is not accessible forever.

There are two ways to create self-destructing documents:

Sitzungen beenden

Eingeloggte Benutzer

In einigen Fällen (Verlust oder Diebstahl eines Gerätes, vergessene Abmeldung von einer Sitzung auf einem gemeinsam genutzten Computer, usw.) kann es notwendig sein, alle aktiven CryptPad-Sitzungen zu beenden. Dazu gibt es zwei Möglichkeiten:

  • User menu (avatar at the top-right) > Settings > Confidentiality > LOG OUT.

Diese Option loggt dich überall aus, außer der gerade verwendeten Sitzung.

  • Benutzermenü (Avatar oben rechts) > Überall ausloggen.

Diese Option loggt dich überall aus, einschließlich der gerade verwendeten Sitzung.

Externer Inhalt

CryptPad blockiert Bilder und andere externe Inhalte in den Markdown-Editoren (Code / Markdown, Präsentation, Kanban), um mögliches Tracking zu verhindern.

Eingeloggte Benutzer

Um Bilder aus dem CryptDrive einzubetten oder neue Bilder hochzuladen, verwende das Menü Einfügen. Dieses Menü fügt ein Element media-tag ein. Es ist komplexer als die Bildersyntax von Markdown, wird aber automatisch erstellt.

Known caveats

No unique usernames

Neither the account name nor the display name is unique in CryptPad. This means that you cannot trust usernames to identify people. Instead, identify your contact via their public keys.

Edit rights in teams

Team members with edit access to a teams drive may share this access to other users both inside and outside the team. Team members may even convert folders into shared folders and delegate their access to anybody they want.

You therefore have to be careful with whom you grant edit rights. You may also want to

  • set the role of a member to viewer and selectively share edit rights to this person.

  • use access lists to limit the access to a file to specific contacts.

Access of former team members

The team communication is encrypted with static keys. This implies that a former team member still has the keys. A former team member can therefore potentially decrypt team messages and can also keep the same access to the team's document as before. However, this requires to modify the client source code as the official one does neither store the keys nor decrypt any messages of a team which the user is not part of.