CryptPad: A Private Workspace That Doesn’t Trade Off Control for Convenience
When most online tools ask for trust, CryptPad offers something else: proof. It’s a web-based platform for notes, spreadsheets, to-do boards, and forms — but every bit of content is encrypted before it leaves the browser. Not kinda-encrypted. Not just transport-encrypted. Actually encrypted, end-to-end.
There’s no server-side indexing, no surveillance, no ‘oops, we got breached and your files were public.’ The backend can’t read anything. Not even filenames.
And the best part? You can run it yourself, on your own server, with no licensing strings attached.
Why People Use It (and Keep Using It)
| Built-In Tool | What It’s Actually Good For |
| Text Pad | Jot down notes, share docs, edit together in real time |
| Spreadsheet | Basic tables and calculations — private, collaborative, browser-only |
| Kanban Board | Task tracking with no cloud lock-in |
| Code Pad | Syntax-colored editor for snippets, notes, or sharing scripts |
| Whiteboard | Collaborative sketching without plugins |
| Form Builder | Collect feedback without Google’s data collection |
| Slides | Simple presentations — works in the browser, even offline |
| Shared Folders | Organize content by topic or team |
| End-to-End Encryption | Enforced by the client — not optional, not configurable |
Real Use Cases
– Self-hosters running private team wikis or shared pads
– Internal collaboration in teams that can’t risk leaks (journalists, researchers, NGOs)
– Family servers — shared grocery lists, plans, docs — without Google logins
– Students and study groups exchanging notes without external services
– Developers who want Markdown, code, and diagrams — with real privacy
Requirements (Nothing Fancy)
| What | Details |
| OS | Linux (Debian/Ubuntu preferred) |
| Web Server | Nginx or Apache (for TLS termination) |
| Node.js | v16 or newer |
| Database | None — uses flat files |
| Access | Works fully in-browser; no desktop apps needed |
Install It (Quick Version)
git clone https://github.com/xwiki-labs/cryptpad.git
cd cryptpad
npm ci
cp config/config.example.js config/config.js
node server.js
Now visit http://localhost:3000 or set up a reverse proxy for HTTPS and domain access.
First user becomes the admin. Everything else happens inside the browser.
A Few Things That Stand Out
The server literally can’t see your data. You control access. Lose the key — lose the content.
Performance is fast even on basic VPSes — no external DB, no background crawlers.
Built-in apps cover just enough: pads, boards, forms, files — all encrypted.
No trackers, no telemetry, no ads. The browser talks to the server, and that’s it.
Final Word
CryptPad is what happens when collaboration software is built by people who don’t want to read your documents. If you’re tired of pretending Google is ‘private enough’ — and want a space that’s truly yours — this might be the simplest, safest way to do it.
