Cryptomator
Client-side encryption for your cloud files — a German open-source alternative to Boxcryptor.
Overview
Cryptomator is a Bonn, Germany-based European company building open source, privacy, and security software since 2016. As an EU-headquartered provider, Cryptomator operates under GDPR and is outside the reach of the US CLOUD Act, making it a privacy-friendly alternative to well-known US incumbents for European teams.
Why European teams pick Cryptomator
Teams in Europe pick Cryptomator when they want a open source provider that bills in EUR, supports their local data-protection officer requirements, and keeps customer data under Germany law, operating since 2016. Compared with well-known US incumbents, Cryptomator avoids cross-border data transfers under Schrems II and the US CLOUD Act, which is often the deciding factor for European procurement and legal teams.
See more EU open source tools or browse other startups from Germany.
About
Cryptomator is a German open-source encryption tool that adds client-side, zero-knowledge encryption to any cloud storage service — Dropbox, Google Drive, iCloud, OneDrive, or S3-compatible storage. It creates an encrypted vault that appears as a normal folder; files are encrypted before they leave your device and decrypted only on your device. Cryptomator is developed by Skymatic GmbH in Bonn, Germany, is licensed under LGPL, and is audited by Cure53. It enables EU teams and individuals to use any cloud storage service without trusting the provider with the content of their files — a practical solution for GDPR compliance when using US-based storage that is otherwise convenient or mandated by organisational policy.
Details
- Founded
- 2016
- Headquarters
- Bonn, Germany
Categories
Other EU startups like Cryptomator
- FormVaultNorway — GDPR-compliant form builder with end-to-end encryption (AES-256-GCM), EU data residency, and a submission dashboard. No cookie banners needed.
- PocketbaseBulgaria — Open-source backend in a single file — a European alternative to Firebase.
- NocoDBGermany — Open-source Airtable alternative that turns databases into smart spreadsheets.
- BaserowNetherlands — Open-source no-code database and Airtable alternative — built in the Netherlands.
- PortainerNew Zealand — Container management UI for Docker and Kubernetes — a New Zealand/European alternative to Rancher.
- NetdataGreece — Open-source real-time infrastructure monitoring — an alternative to Datadog.
Frequently asked questions
What is Cryptomator?
Cryptomator is a German open-source encryption tool that adds client-side, zero-knowledge encryption to any cloud storage service — Dropbox, Google Drive, iCloud, OneDrive, or S3-compatible storage. It creates an encrypted vault that appears as a normal folder; files are encrypted before they leave your device and decrypted only on your device. Cryptomator is developed by Skymatic GmbH in Bonn, Germany, is licensed under LGPL, and is audited by Cure53. It enables EU teams and individuals to use any cloud storage service without trusting the provider with the content of their files — a practical solution for GDPR compliance when using US-based storage that is otherwise convenient or mandated by organisational policy.
What does Cryptomator do?
Cryptomator is client-side encryption for your cloud files — a german open-source alternative to boxcryptor. It is listed under open source, privacy, and security on EU Alts because its core functionality serves teams looking for a European open source tool with EU data residency, typically as a switch away from well-known US incumbents.
Is Cryptomator a good European open source alternative?
Cryptomator is a fit for European businesses evaluating open source options where data residency and GDPR alignment matter — typical buyers include EU-based SaaS teams, public-sector projects, regulated industries (healthcare, finance, legal), and any organisation that needs to demonstrate that customer data does not leave the EU. It also overlaps with privacy and security use cases.
Is Cryptomator GDPR compliant?
Cryptomator is headquartered in Bonn, Germany and falls under EU jurisdiction, so it processes user data under the GDPR by default. Customer data processing is supervised by Germany's data protection authority, the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI). Because the company is not US-incorporated, it is not subject to the US CLOUD Act — meaning US authorities cannot compel Cryptomator to disclose customer data the way they can with well-known US incumbents. For European buyers, that often simplifies DPIA paperwork and standard contractual clauses.
How do teams switch from well-known US incumbents to Cryptomator?
Most teams move to Cryptomator from well-known US incumbents because they want EU data residency without giving up the core open source workflow. Cryptomator's Germany base means a single jurisdiction for both the company and (typically) its hosting infrastructure, so you can drop Schrems II transfer impact assessments for this part of your stack. Plan the migration in stages: export your data from the US incumbent, pilot Cryptomator with a small team, then move the rest once the integration coverage you need is confirmed.
Where is Cryptomator based?
Cryptomator is headquartered in Bonn, Germany. The company was founded in 2016. Its main website is https://cryptomator.org.