Skip to main content

CryptPad

CryptPad is an open-source, end-to-end encrypted (collaboration suite) that provides browser-based document editing and file collaboration without server-side access to content.

  • End-to-end encrypted real-time collaboration on documents, spreadsheets, presentations, and other office content (collaboration suite)
  • Zero-knowledge architecture where servers store only encrypted data, limiting provider access to user content (security and privacy)
  • Browser-based interface requiring no local installation, delivered as a web application (web productivity platform)
  • Team workspaces, shared drives, and access control for groups and organizations (team collaboration and access management)
  • Self-hosting options with open-source code maintained by XWiki Substation Automation System (SAS) (on-premises deployment and open-source governance)

More About CryptPad

CryptPad is an open-source, end-to-end encrypted online collaboration suite (collaboration and productivity) developed and maintained by XWiki SAS. It targets organizations that require web-based productivity tools while retaining control over data confidentiality. The platform allows users to edit documents and collaborate in real time in a web browser while ensuring that the service operator cannot read stored content due to client-side encryption.

The core purpose of CryptPad is to provide an alternative to conventional office and collaboration platforms by implementing a zero-knowledge model (security and privacy). Client-side encryption is applied in the browser before data is transmitted to the server, and decryption keys remain on the client side. This means the CryptPad server handles storage and synchronization of encrypted blobs, while document contents and file metadata remain inaccessible to the hosting provider, within the design constraints described by the project.

From a capabilities perspective, CryptPad offers multiple encrypted applications (collaborative applications), including rich text documents, code or markdown pads, spreadsheets, presentations, kanban boards, polls, and whiteboards, as well as a password-protected shared drive for file storage (file collaboration). Real-time collaborative editing is supported, with multiple users viewing and modifying content concurrently. The suite exposes sharing links and granular permissions (access control), enabling read-only or edit access, and supports teams or organizational workspaces for grouping users and resources.

For enterprise and institutional environments, CryptPad can be used as a hosted service provided by XWiki SAS (SaaS deployment) or deployed on an organization’s own infrastructure (self-hosted on-premises (on-prem)). Self-hosting allows integration into existing network and identity environments at the infrastructure level, subject to the organization’s deployment choices. Administrators can manage instance-level configuration, quotas, and policies as documented by the project, while users access the service via standard web browsers.

Technically, CryptPad uses web technologies (web application stack) with encryption and key management executed on the client side in JavaScript. The platform’s architecture separates cryptographic operations in the browser from storage and synchronization on the server (application architecture), which positions CryptPad in categories such as secure collaboration, privacy-preserving groupware, and end-to-end encrypted productivity tooling. Because it is open source, enterprises that require auditability or customization can inspect the codebase and adapt deployment settings within the framework defined by XWiki SAS and the project documentation.

In directory and taxonomy terms, CryptPad is best classified under secure online office suites (productivity and collaboration), end-to-end encrypted groupware (security-focused collaboration), and self-hostable Software-as-a-Service (SaaS) alternatives (on-premises-capable platforms). Its zero-knowledge design and web-based interface make it relevant for organizations seeking browser-based collaboration with constrained data visibility for service operators.