Why CRYMBL

Share securely. Made simple.

What CRYMBL is, what it does for you – and why email alone will not solve this.

What is CRYMBL?

End-to-end encrypted sharing – without the complexity

CRYMBL is a platform for sharing confidential content – notes, files and incoming transfers. Everything you share is encrypted right in your browser before a single byte leaves your device, and it is decrypted only by the intended recipient. In between sits CRYMBL, transporting and storing your data without ever being able to read it. This principle is called zero-knowledge: your master password, the keys derived from it and the plaintext never leave your device. On the servers there is only ciphertext.

CrymblNote

Encrypted notes and text messages – ideal for credentials, passwords, PINs or short confidential messages that should not linger in a chat or mail history.

CrymblFile

Encrypted files and documents. From a contract to a payslip to an X-ray: the recipient downloads the file via a link and decrypts it locally.

CrymblBox

An encrypted receiving inbox: you hand out a link through which others can send files to you securely – even without an account. The transfer is encrypted to your public key right away.

Proven cryptography, no home-made crypto

CRYMBL relies exclusively on established, standardised methods. Only ciphertext, initialisation vectors and public keys ever reach the server – never plaintext, master passwords or private keys.

Zero-knowledge

Encrypted and decrypted in the browser. The provider cannot read your content – ruled out by design, not by goodwill.

AES-256

Your content is encrypted with AES-GCM at 256 bit – the industry standard for symmetric encryption.

PBKDF2 (600,000×)

Your master password is stretched into a key over 600,000 iterations (OWASP recommendation), making brute-force guessing enormously expensive.

RSA-2048

Sharing uses RSA-OAEP: content is encrypted to the recipient's public key and can only be opened with their private key, which never leaves their device.

You control the lifecycle

Every shared item can be given a validity period (from 1 to 30 days) and a maximum number of openings (from 1 to 30). After that it can no longer be retrieved. On top of that, you can actively destroy any link at once. The recipient sees only what they should – and only for as long as you want.

Your benefit

What it does for you – and why you need it

Because confidential information is constantly on the move – the WiFi password for a new colleague, the employment contract to a candidate, the tax assessment to your advisor, health records to the practice. Every time, the same question arises: who can actually read this – and how long does it stay lying around somewhere? CRYMBL answers it clearly: no one but the intended recipient, and only for as long as you decide.

Real confidentiality, not a promise

Security here comes from mathematics, not from a privacy statement. CRYMBL technically cannot view your content – a qualitative difference from "we promise not to look".

GDPR compliance made demonstrable

Anyone transferring personal or special-category data carries the burden of proof. End-to-end encryption with defined expiry and deletion rules is a strong, documentable argument towards authorities and in the event of an incident.

Control after sending

Unlike almost every classic channel, your control does not end the moment you hit send. Expiry dates, opening limits and instant destruction give you authority over the entire lifecycle.

No data mountain that catches up with you

What expires after a short time cannot resurface years later from a forgotten inbox, a backup or a data breach. Data minimisation is not a sacrifice but active risk protection.

Who benefits most

Private individuals

Exchanging passwords, IDs, contracts or family documents without them lingering permanently in chats and mailboxes.

Freelancers & small businesses

Law firms, tax advisors, practices, agencies, IT service providers – bound to confidentiality by professional rules or contract, and required to prove it.

Teams & organisations

Establishing secure exchange as the self-evident standard – in their own branding – instead of leaving it to individual employees.

The email problem

Why email alone is not a solution

Email is the workhorse of digital communication – and still the wrong path for confidential content. That is not down to poor execution but to the basic design: the protocol comes from a time when confidentiality simply was not a design goal. At its core, an email resembles a postcard, not a sealed letter.

Transport encryption is not content encryption

Modern mail servers usually encrypt the connection (TLS). But once the message arrives on a server, it sits there in plaintext, is passed from station to station, and is readable and stored at each of them. TLS protects the path, not the content at the stops.

No control after sending

A sent email cannot be reliably recalled, given an expiry date, or limited to a certain number of accesses. What is out is out – permanently.

Unlimited, uncontrolled storage

The message sits in the recipient's mailbox, in their backups, often also in your "sent" folder and in server-side archives – potentially for years. Each of these copies is a data-leak risk of its own.

One click to the wrong recipient

Auto-complete, forwarding, "reply all": misaddressing is among the most common causes of data breaches. A wrongly addressed, unencrypted email cannot be caught again.

Unprotected attachments, plus size limits

Attachments inherit the mail's lack of protection and often fail at size limits too – which pushes people towards even less secure workarounds.

No defined deletion, no proof

You cannot demonstrate that a confidential email was deleted at the recipient's end – a real problem for anyone under GDPR or professional secrecy who must provide proof.

Email and CRYMBL side by side

Criterion Email (alone) CRYMBL
Content readable by the provider Yes, plaintext on the servers No (zero-knowledge)
Encryption Transport only (TLS) End-to-end, content in the browser
Expiry / self-destruction No Yes (validity, open limit, instant deletion)
Control after sending Practically none Full control over the lifecycle
Storage duration Unlimited, in many copies Only until expiry, then unavailable
Risk on misaddressing Content immediately exposed in plaintext Only the intended recipient can decrypt

The misconception worth clearing up

The common fallacy goes: "But my email is encrypted." What is meant is almost always just transport encryption – the lock on the envelope along the way, not on the content itself. End-to-end encryption, as CRYMBL implements it, means only sender and recipient hold the keys; every intermediate station – including the provider – sees ciphertext only.

Email remains excellent for signalling that something is ready – for example, "I have provided the documents for you via CRYMBL". But the confidential content itself needs a channel designed for confidentiality from the ground up. That is exactly what CRYMBL is.

Security

Your data and privacy are protected in CRYMBL

The managing director of our external data protection officers, H.-C. Widegreen (Widegreen & Data GmbH), is certified as a data protection officer by TÜV and as a data protection specialist by DEKRA. We ensure data protection in accordance with legal requirements, implementing information obligations and technical-organizational measures

Cloud Services Made in Germany DEKRA & TÜV Rheinland zertifiziert SecurITy Made in Germany – Teletrust

Share securely. Made simple.

Turn "I hope that was secure enough" into "I know only the recipient can read it – and that it disappears afterwards".