Mobile & Desktop · Open Source · Free Forever

One vault.
Every device.
Zero cloud.

NeuroKey is a cross-platform security ecosystem — AES-256 encrypted on Android and Windows, synced privately over your home Wi-Fi with no server in the middle. Your data never touches the internet.

Get it on Google PlayDownload for Windows (.exe)
A
B
C
D
2,400+ developers and privacy advocates on the waitlist
NeuroKey Desktop
NeuroKey desktop app screenshot
NeuroKey mobile app screenshot

Everything you need.Nothing you don't.

Purpose-built for people who refuse to compromise on security.

Military-Grade AES-256 Encryption

Every byte is encrypted before it touches storage. NeuroKey uses AES-256 with a PBKDF2-derived key (5,000 iterations) bound to your biometrics. No server holds your key. Ever.

vault/crypto.ts
// Derive 256-bit key via PBKDF2 (5,000 iterations)
const aesKey = await crypto.subtle.deriveKey({ name: "PBKDF2", salt, iterations: 5_000 }, ...);
const ciphertext = await crypto.subtle.encrypt({ name: "AES", iv }, key, data);
// ✓ zero network calls

Biometric Lockdown

Unlock with Face ID, fingerprint, or your Master Password fallback. Your biometric handle stays in the Secure Enclave — NeuroKey never sees it.

Face IDTouch ID

Cloudless Device Sync

Sync mobile ↔ desktop over your home Wi-Fi via QR code pairing. No server. No internet. Encrypted end-to-end.

Breach Radar

Checks passwords against known breaches using thek-anonymity model— only the first 5 characters of a SHA-1 hash ever leave your device. Your actual password ismathematically impossible to derivefrom what's transmitted.

Monitoring Active
Explore all features
Android
Local Wi-Fi · AES-256
Windows

Step 1 — Scan QR code

Desktop generates a QR. Mobile scans it. Encrypted tunnel opens instantly.

0 cloud hops
Cloudless Device Sync

Sync your devices. Keep the cloud out of it.

The desktop app spins up a secure local server and displays its address as a QR code. Scan it on your phone and the two devices open an encrypted tunnel entirely over your home Wi-Fi — no intermediary, no relay, no cloud vulnerability.

  • QR Code PairingOne scan to establish a secure local tunnel — no IPs to type, no accounts to link.

  • Zero-Knowledge TransferVault data travels through your router only. It never touches the internet.

  • Last-Write-Wins MergeTwo-way sync with timestamp-based conflict resolution keeps both vaults consistent.

  • Tombstone DeletionsDeleted entries are soft-deleted first, so accidental deletes don't silently vanish on the other device.

Read the full sync architecture
Security Architecture

Built differently.Built safely.

No shortcuts. NeuroKey uses Native Hardware Cryptography directly — the same primitives trusted by banks and governments.

  • PBKDF2 (5k iterations)Makes brute-force ~3 billion× harder

  • AES-256Authenticated encryption — detects tampering

  • Secure Enclave bindingKey derivation anchored to biometrics

  • Rust + Tauri desktopMemory-safe native binary — no Electron, no bloat, no V8 heap

  • P2P encrypted handshakeLocal tunnel uses the same AES-256 vault key — sync never touches a relay server

Deep dive into the architecture
vault/encryption.ts
// ① Require Biometrics to unlock Hardware Secure Module
const masterKey = await SecureStore.getItemAsync("ENCRYPTED_VAULT_KEY", {
  requireAuthentication: true,
  authenticationPrompt: "Unlock NeuroKey Vault"
});

// ② Decrypt Vault Data locally via AES-256
const decryptedVault =  AES.decrypt(encryptedBlob, masterKey);

// ✓ Data never leaves the device's memory

Learn about Cybersecurity

Deep dives into the cryptography and architecture that keeps your data safe.

View all articles

Frequently asked questions

Everything you need to know before you trust us with your trust.

Join the waitlist — free forever

Take back control of your digital identity.

Be first to hear about updates, security audits, and new features. No spam — only signal.

Orget it on Google Play— no signup needed.