Zero-knowledge encryption — We can't see your data

No Password. No Email. Just Pure Privacy.

ImageTome is the first image sharing platform built on true zero-knowledge principles. Create private spaces called Tomes, share images and posts with your team — all encrypted end-to-end in your browser before anything touches our servers.

No email required
No passwords
We can't see your data
Create Your First Tome See How It Works

Built with industry-standard security

AES-256-GCM RSA-4096 Web Crypto API Client-side only

Traditional image sharing is broken

Every major platform has the same fundamental flaw: they can see everything you share.

The Old Way

  • Platform stores your images unencrypted
  • Employees can view your private photos
  • Data breaches expose everything
  • Government requests reveal your data
  • AI trains on your private images

The ImageTome Way

  • Images encrypted before upload
  • We physically cannot view your content
  • Breaches only expose encrypted noise
  • Nothing to hand over — we don't have keys
  • Impossible to train AI on encrypted data

Privacy by design, not by policy

We didn't add encryption as an afterthought. It's the foundation everything is built upon.

No Passwords Ever

Forget password managers and security questions. Your cryptographic keypair is your identity. Login by proving you can decrypt a challenge — unhackable and unphishable.

No Email Required

Your email is PII that links to your real identity. We don't need it, so we don't ask for it. Choose any username you want — that's all we need to know.

Zero-Knowledge Encryption

All encryption happens in your browser using AES-256-GCM. We only store encrypted blobs. We mathematically cannot read your content — not now, not ever.

Cryptographic Sharing

Invite others to your Tomes using their public key. The encryption key is securely wrapped so only they can unwrap it. No shared passwords, no access links.

Your Keys, Your Control

Download your recovery key file when you register. It's the only way to access your account. Store it safely — we can't recover it because we never have it.

Real-time Updates

See new posts and images appear instantly. Encryption doesn't mean slow. Everything updates in real-time using WebSocket connections.

How it works

Strong security doesn't have to be complicated. Here's how ImageTome protects your privacy.

1

Create an Account

Choose a username. Your browser generates a unique cryptographic keypair. Download your recovery key file — this is your only login credential.

2

Create a Tome

A Tome is an encrypted space. Your browser generates a unique AES-256 key for the Tome and encrypts it with your public key before storing.

3

Share Content

Upload images or create posts. Everything is encrypted with the Tome's key in your browser before being sent to our servers.

4

Invite Others

Add team members by username. The Tome's key is encrypted with their public key so only they can decrypt it. No shared passwords needed.

Under the hood

RSA-OAEP 4096-bit

Asymmetric encryption for key exchange

AES-256-GCM

Symmetric encryption for content

PBKDF2 600K

Key derivation with 600,000 iterations

Web Crypto API

Browser-native cryptography

Everything you need, fully encrypted

Share images, write posts, collaborate with comments — all protected by end-to-end encryption.

Encrypted Images

Upload up to 25 images per post. Each one encrypted with AES-256-GCM.

Encrypted Posts

Write posts with titles and content. All text encrypted before leaving your browser.

Encrypted Comments

Discuss in real-time with encrypted comments on posts and images.

Secure Invites

Add members to Tomes. Keys shared via public-key cryptography.

Frequently asked questions

Got questions? We've got answers.

Your recovery key is the only way to access your encrypted data. If you lose it, there is no way to recover your account or any of your encrypted content. We cannot reset it or recover it for you because we never have access to it. This is by design — it's the only way to guarantee true privacy.
No, absolutely not. All encryption and decryption happens entirely in your browser. We only store encrypted blobs that look like random noise to us. We don't have the keys to decrypt them, and we never will. Even if someone gained access to our servers, they would only find encrypted data.
Traditional authentication has fundamental flaws. Passwords can be phished, leaked, or brute-forced. Emails create a link between your identity and your data. Our cryptographic approach means your keypair IS your identity — there's nothing to steal, nothing to phish, and no password database to breach.
When you invite someone to a Tome, we use public-key cryptography to securely share the encryption key. The Tome's key is encrypted with the invitee's public key so only they can decrypt it. The actual content key never touches our servers in plaintext form.
We use industry-standard cryptography: RSA-OAEP (4096-bit) for asymmetric key operations, AES-256-GCM for symmetric encryption of content, and PBKDF2 with 600,000 iterations for key derivation. All cryptographic operations use the Web Crypto API built into modern browsers.
We believe in transparency. Our encryption implementation is auditable, and we're committed to the principles of open security. You can verify that your data is encrypted before it leaves your browser using your browser's developer tools.
We're working on export functionality so you can always download your encrypted data along with your keys. With your recovery key, you'll always have access to your data regardless of whether our service exists.

Ready for real privacy?

Create your first encrypted Tome in under 30 seconds. No email. No password. Just pure, uncompromising privacy.

Get Started Free

No credit card required. No email needed.