In messages, email, or public posts — your text is encrypted before it leaves your device. The channel you send it through only ever sees the sealed box.
The channel protects the route. Sealbox protects the content — including at rest, on the device, where the channel ends.
Encrypted messengers protect messages on the way between devices. But the content's life doesn't end in transit — it sits on the endpoint, where the messenger's protection stops. Sealbox seals the text itself, before any channel touches it, and keeps it sealed at rest behind your biometrics. It adds to any channel; no channel adds to it. The question "can I trust this app with my words?" stops mattering — the transport never held them in the clear.
Honest scope: channels generate metadata (who, when, how much) — that's the route's domain, and no content layer can hide it. Sealbox seals what's inside. The limits are spelled out below, not buried.
Select text in any app — a messenger, Mail, Notes, anywhere. Tap Share.
Choose Encrypt (Sealbox) in the share sheet. Pick the contact.
Face ID. Done — the encrypted text is on your clipboard.
Paste it back where you were and send. Receiving works the same way, in reverse.
No character limit here, unlike a store page. This is the part worth reading before trusting anything with your words.
The extension is invoked from the share sheet, encrypts the selected text, and returns it on your clipboard. It only runs when you call it. Many older encryption apps shipped a custom keyboard instead — which requires Full Access, meaning the keyboard sees everything you type in every app. Sealbox refuses that trade by design.
Your identity is a bundle of six public keys — three encryption KEMs, two per-mode signing keys, and one composite root identity that certifies the rest — generated automatically when you start. Every message is encrypted and signed (encrypt-then-sign, recipient-bound): your contact knows it came from you and was meant for them.
HPKE with X-Wing (X25519 + ML-KEM-768 hybrid) + ML-DSA-65 signatures (FIPS 204). Confidentiality and authenticity resist future quantum attacks — protection against "harvest now, decrypt later". Larger payload (~6k chars; fits messengers, email, pastebins — not SMS).
HPKE with P-256 living inside the Secure Enclave + Ed25519 signatures. The decryption key never reaches app memory — the chip does the work. Compact payload (fits SMS, short posts).
HPKE with Curve25519 + ChaCha20-Poly1305 + Ed25519 — the modern stack trusted by WireGuard and age. Compact payload, minimal assumptions.
Exchange keys face-to-face with an animated QR (the key bundle is ~8.7 KB — too big for one code, so it plays as frames), or share remotely through any channel. No keyservers, no .asc files, no key-signing parties.
Trust on first use, with verification. A remote contact works immediately, visibly marked "unverified". You compare a 13-word security code — derived from both parties' root identities — whenever convenient, and the marker flips. Routine key rotation is certified by the root identity and never triggers a false alarm; only an actual identity change does.
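One way a code like this can be derived, as an added example (not Sealbox's code; the page does not publish its derivation). The hash, the label `LABEL`, the length-prefixed encoding and the 2048-entry word list are assumptions, and the sample root keys are constructed.

```python
import hashlib

CODE_WORDS = 13                      # length stated on the page
BITS_PER_WORD = 11                   # assumption: 2048-entry word list, as in BIP-39
LABEL = b"example-security-code-v1"  # hypothetical domain-separation label


def security_code(root_a: bytes, root_b: bytes) -> list[int]:
    """Return 13 word indices that both parties derive identically."""
    # Sort the two root identities so "mine, theirs" and "theirs, mine"
    # hash to the same value on both phones.
    first, second = sorted((root_a, root_b))
    h = hashlib.sha256()
    h.update(LABEL)
    for key in (first, second):
        # Length prefix keeps the concatenation unambiguous.
        h.update(len(key).to_bytes(4, "big"))
        h.update(key)
    digest = int.from_bytes(h.digest(), "big")
    # Keep the top 13 * 11 = 143 bits and cut them into 11-bit indices.
    bits = digest >> (256 - CODE_WORDS * BITS_PER_WORD)
    return [(bits >> (BITS_PER_WORD * i)) & 0x7FF
            for i in reversed(range(CODE_WORDS))]


# Constructed sample root identities (stand-ins for real public keys).
ALICE_ROOT = hashlib.sha256(b"constructed alice root").digest()
BOB_ROOT = hashlib.sha256(b"constructed bob root").digest()
MALLORY_ROOT = hashlib.sha256(b"constructed mallory root").digest()

if __name__ == "__main__":
    print("Alice sees:", security_code(ALICE_ROOT, BOB_ROOT))
    print("Bob sees:  ", security_code(BOB_ROOT, ALICE_ROOT))
    # A substituted root identity yields a different code on Alice's side.
    print("Swapped:   ", security_code(ALICE_ROOT, MALLORY_ROOT))
```

Because only root identities enter the hash, rotating operational keys under the same root leaves the code unchanged, which matches the behaviour described above.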
Create as many named local keys as you want, for notes and secrets only you will read. Committing authenticated encryption with no KEM and no signature — the key only you hold is the authentication. Each key is either recoverable (travels in your backup, migrates to a new phone) or device-bound (never leaves; irreversible choice). Deleting a key is crypto-shredding: everything it ever sealed becomes permanently unreadable, no cleanup needed.
Backup is off by default. When you turn it on, Sealbox encrypts the package end-to-end before it touches your iCloud — Apple stores opaque bytes. The BIP-39 recovery phrase (24 words, 256 bits) is the single secret that reopens it on a new device; there is deliberately no human password, because a guessable password would reopen the offline brute-force door that the phrase closes. If iCloud is unavailable, the app tells you and offers manual export — it never fails silently.
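The arithmetic behind "24 words, 256 bits", as an added example that is not Sealbox's code: standard BIP-39 encoding appends an 8-bit SHA-256 checksum to the entropy and cuts the 264 bits into 24 indices of 11 bits each. Word indices stand in for the 2048-word list, which is not embedded here; the sample entropy is constructed.

```python
import hashlib

ENTROPY_BITS = 256                                   # stated on the page
CHECKSUM_BITS = ENTROPY_BITS // 32                   # BIP-39: 1 bit per 32 entropy bits
WORD_COUNT = (ENTROPY_BITS + CHECKSUM_BITS) // 11    # 264 / 11 = 24


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map 32 bytes of entropy to 24 indices into a 2048-word list."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected exactly 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of SHA-256
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (11 * i)) & 0x7FF for i in reversed(range(WORD_COUNT))]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Invert the mapping and reject a phrase whose checksum does not match."""
    if len(indices) != WORD_COUNT or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("expected 24 indices in the range 0..2047")
    bits = 0
    for index in indices:
        bits = (bits << 11) | index
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    if hashlib.sha256(entropy).digest()[0] != bits & 0xFF:
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


def is_valid_phrase(indices: list[int]) -> bool:
    """True if the 24 indices decode to entropy with a matching checksum."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample = bytes(range(32))                        # constructed, not a real secret
    phrase = entropy_to_indices(sample)
    print(len(phrase), "indices:", phrase)
    print("round trip ok:", indices_to_entropy(phrase) == sample)
```

The checksum catches transcription errors only; the resistance to offline guessing comes from the 256 bits of entropy.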
Rotate your operation keys anytime; the new keys are re-certified by your root identity and propagate to contacts in-band, attached to your next message — no server involved. After a rotation, an attacker who had your old key cannot read what comes next (post-compromise security), and once the old key is retired it is deleted (forward secrecy by epoch). What Sealbox does not claim: per-message forward secrecy à la Double Ratchet — that requires an interactive session, which contradicts "encrypt and paste anywhere". We name the trade instead of hiding it.
Decryption keys live behind biometryCurrentSet — only your current biometrics release them, enforced by the Secure Enclave itself. There is deliberately no passcode fallback: a passcode can be observed, guessed, or compelled in ways live biometrics cannot. The Classic-mode key lives inside the Enclave; your contact graph (names, trust state) is encrypted under a biometric metadata key; and the app keeps zero historical logs. Recovery when biometrics fail permanently: restore from backup with your phrase.
We'd rather you understand the tool than buy a promise nobody can keep. This same page ships inside the app.
Standards before invention. Where IETF, NIST, or Apple define a formally analyzed construction, Sealbox adopts it verbatim: HPKE (RFC 9180, native CryptoKit) in three ciphersuites; X-Wing (peer-reviewed IND-CCA proof, IACR CiC 2024); ML-DSA-65 (FIPS 204, formally verified by Apple); Ed25519 (RFC 8032). The honest stack: primitives via Apple CryptoKit + Argon2id via libsodium (the most-audited implementation, backup KDF only) + three auditable own implementations — the Ed25519+ML-DSA-65 composite (IETF draft), BIP-39, and a canonical serializer. Zero custom primitives.
Verify the serverless claim yourself. Sealbox has no backend — so the absence of traffic is observable. Watch the app with iOS privacy reports or a proxy: cryptographic operations make no network requests at all. The only traffic is whatever app you chose as transport, carrying ciphertext. This page practices the same: no scripts, no fonts fetched, no analytics, no cookies — open your browser's network inspector right now.
What we don't have yet — said plainly. No independent audit and no open source, for now: both cost money this solo, pre-revenue project doesn't have yet. The full design is published instead — white paper, this threat model, and the design notes below — so you can evaluate the architecture yourself, and the audit is the declared next milestone after launch.
White paper — at launch
A custom keyboard needs Full Access — it sees everything you type, everywhere. The extension only exists when invoked.
There is no server, so a recurring fee would be charging rent for nothing. You buy the tool, you own the tool.
A passcode can be shoulder-surfed, brute-forced on old hardware, or compelled quietly. Live biometrics enforced inside the Secure Enclave can't. The fallback is your recovery phrase — not a weaker lock.
Secure Enclave keys can't migrate to your next iPhone. The default favors safe migration; the advanced option pins keys to the chip for those who want exactly that.
Authenticity gets the same post-quantum treatment as confidentiality. Forging your identity requires breaking both algorithms, not one.
Deliberate. PGP brings keyservers, trust ceremonies, and 1990s packet formats. Sealbox is a clean break — simpler to use and to audit.
Founding price $199.99 for the first two weeks at launch — the price only goes up from here.
No subscription. No in-app purchases. No tiers. For the people this is built for — journalists, lawyers, anyone serious about who reads what — the price is measured against a single prevented leak, not against free apps that monetize you. The list price stays at $279.99 until the independent audit, which unlocks the next tier ($459.99–559.99); buying once means owning the audited product of the same version.
Coming to the App Store · 2026 · iOS 26+
In transit, yes — and that's worth having. But the channel's protection ends where the content lives: on the device, in app databases, in backups, in every copy along the way. Sealbox seals the text itself, so the channel never holds it in the clear — in transit or at rest. Different layer, different job; they compose.
Free privacy apps are usually paid for with your data or abandoned when funding dries up. Sealbox has no server costs and no investors to satisfy — one honest price, once, funds maintenance for years. The price also matches the audience: if a leak would genuinely cost you, $279.99 is not the expensive option.
Two layers. Whoever finds the phone gets nothing: keys release only to your live biometrics — a passcode doesn't open them. And you lose nothing, if backup is on: restore on the new device with your 24-word recovery phrase, and your identity, contacts, and recoverable vaults return. Your contacts see no alarm — your identity is the same.
Not yet, and we won't pretend otherwise. The design is built exclusively from formally analyzed primitives (CryptoKit, libsodium), the full architecture is published for review, and an independent audit is the declared milestone after launch — it's also what moves the price tier. Until then: don't believe, verify — the serverless claim is observable on the network.
Yes — iOS 26+ at launch. Going deep on one platform (Secure Enclave, CryptoKit, the share sheet) is what makes the security properties real instead of lowest-common-denominator. Other platforms only happen if they can keep the same guarantees.
Nothing. No account, no analytics, no crash reporters sending content, no telemetry of any kind. There is no server to send anything to. This website keeps the same discipline: no cookies, no scripts, no external requests.