End-to-end encrypted. Fully managed. Finally both.
Every email, file, and document is end-to-end encrypted before it leaves your device. But unlike other encrypted platforms, your organization keeps full control — password recovery, employee offboarding, shared mailboxes, audit trails, legal hold. The server never sees your content. Your admins can still do their job.
Currently in invite-only testing. Faral is built and hosted entirely in Europe.
The tradeoff that shouldn't exist
Most workspaces force you to choose. Conventional platforms give your admins full control — but your provider can read everything. Encrypted platforms protect your content — but often at the cost of the admin tools organizations depend on. Password recovery, employee offboarding, shared mailboxes, eDiscovery — these become difficult or impossible when encryption wasn't designed with organizations in mind.
Conventional platforms
Full admin control. But your provider has complete access to your content — and so does anyone who compromises them. You get management tools at the cost of zero privacy from your provider.
Encrypted platforms
Your data is encrypted, which is great. But most encrypted platforms weren't architected for organizational use. Admin recovery, structured offboarding, and shared resources often don't work the way a 30-person firm needs them to.
Faral
Both. Every piece of content is end-to-end encrypted — and your organization retains full operational control through a transparent key hierarchy. Encrypted AND manageable.
How it works
Not a deep technical dive — just enough to show why this is real.
Every user gets encryption keys on account creation
Automatic, no setup. Your keys are derived from your password, which never leaves your device. Authentication uses SRP — the server never sees your credentials.
All content is encrypted on your device before it reaches our servers
Email bodies, files, documents, calendar event details — encrypted in your browser. We store encrypted blobs. We literally cannot read your content.
Your organization holds a recovery key
If an employee forgets their password or leaves the company, admins can recover access through a transparent, auditable key recovery mechanism — without Faral being involved. The server never sees the content.
Shared resources have their own keys
Shared mailboxes and drives use versioned encryption keys. When someone leaves, new content is automatically inaccessible to them. No re-encryption of existing data needed.
External recipients get a secure portal
PGP auto-discovery for contacts who support encryption. Password-protected secure portal for everyone else. You can send sensitive information to anyone.
What your admins can actually do
End-to-end encryption doesn't have to mean giving up administrative control. Faral's key hierarchy gives your organization real operational capabilities — without the server ever seeing content.
Password recovery
When an employee forgets their password, admins recover access through the organization's recovery key. No data loss, no Faral involvement, no content exposed to the server.
Employee offboarding
When someone leaves, admins transfer their data via the org key. Shared resources rotate keys automatically — new content becomes inaccessible to the former employee without re-encrypting existing data.
Shared mailboxes
Full-featured shared mailboxes with their own versioned encryption keys. Multiple team members access the same mailbox — all content stays end-to-end encrypted with automatic key rotation on membership changes.
Legal hold and eDiscovery
Admins can decrypt specific data when legally required — audit logged and transparent. The organization controls this capability, not Faral.
Crypto-shredding for GDPR erasure
Delete the encryption keys and all associated data — including backups — becomes mathematically unrecoverable. True right to erasure without hunting down every copy.
Everything you need to work
One workspace, not seven subscriptions. Every tool works together — and everything is end-to-end encrypted by default.
End-to-end encrypted by default for all Faral-to-Faral messages. PGP auto-discovery for external encrypted contacts. Secure portal with passphrase-protected access for everyone else. Encrypt-on-arrival for inbound mail.
Docs
Full document editor with .docx import and export, page layout, and printing. All client-side encrypted. High-fidelity format conversion that outperforms comparable encrypted document editors.
Drive
All files encrypted, always. Personal and shared drives with versioned encryption keys. External sharing via password-protected links. When someone leaves, key rotation ensures new content is automatically inaccessible.
Calendar
Event content encrypted. Timing metadata remains plaintext for scheduling interoperability. External invitations work normally. Syncs with any CalDAV client.
Contacts
Contact details encrypted. Email addresses remain plaintext for autocomplete and routing. Syncs across all devices via CardDAV.
Chat
Real-time messaging with channels, direct messages, and threads. End-to-end encrypted using the Signal protocol.
Meet
Video and voice calls with end-to-end encryption via Insertable Streams over LiveKit. Camera, mic, and screen sharing.
Faral Mail — every message encrypted by default
What we're honest about
We'd rather tell you exactly what we can and can't do than make promises you can't verify.
We can't read your content
Email bodies, files, documents, calendar event details — encrypted on your device before reaching our servers. We store encrypted blobs. This is a mathematical guarantee, not a policy.
We can see metadata
Email addresses, subject lines, file names, calendar times, organization membership. We need this to operate the service — routing email, scheduling, autocomplete. We're explicit about what isn't encrypted.
External email has limits
When someone outside Faral emails you without PGP, we encrypt the message on arrival — but our server briefly handles the plaintext. This is the same limitation every encrypted email provider has. We're transparent about it rather than pretending it doesn't exist.
Your org admins can access your data
Through a transparent, auditable key recovery mechanism. Users see a clear banner: "Your organization has recovery access." This is not a backdoor — it's an explicit, logged, auditable capability that your organization controls. We are never involved.
Built on open foundations
Faral is built on proven open-source projects — the same technology trusted by thousands of organizations. We credit and contribute to the communities that make this possible.
Our email runs on Stalwart with JMAP and built-in PGP encryption at rest, real-time messaging on NATS, video calls on LiveKit, calendars and contacts via CalDAV and CardDAV, file sync via WebDAV, and identity via OIDC. Content and encryption keys are stored in separate databases. All open standards, all interoperable.
Faral's code will be open source
We're building Faral to be open source — not because it's expected, but because it's the only honest way to back up claims about privacy and security. The codebase is a work in progress and not public yet.
When it's ready, it will be available on our self-hosted Forgejo instance — because even our source control runs on European infrastructure. Security audit planned.
European infrastructure, no exceptions
Hosted on Netcup in Amsterdam, NL. No AWS, no GCP, no Azure. No American cloud dependencies. All providers EU-based. GDPR compliance through crypto-shredding — delete the keys and the data is mathematically unrecoverable, including backups.
No US cloud
No Amazon, Google, or Microsoft infrastructure anywhere in the stack. Every provider is European.
Amsterdam, NL
All servers in the Netherlands. European law, European jurisdiction, no exceptions or loopholes.
Crypto-shredding
Delete encryption keys and all data — including backups — becomes mathematically unrecoverable. True GDPR erasure.
Your firm needs encryption that doesn't cripple operations
Faral is in invite-only testing. Request access for yourself or get in touch about your organization.