Device-bound encrypted vaults

Your customer data, locked down.

Keys are sealed to your device’s hardware — copy the files off it and they’re useless. Open your work apps inside an encrypted vault; unmount and everything vanishes from the file system.

Hardware-sealed keys · Works offline · Remote wipe
ShiftSpace

Three editions, one codebase

The same device-bound vaults everywhere. Cloud adds remote control; Enterprise adds policy and identity.

Edition: Standalone | Cloud (Recommended) | Enterprise
Price: €20 once | €20 / year | Per seat

Features compared: Works offline, Remote lock, Remote wipe, Microsoft SSO, Forced policy, Company branding, Audit log, Device-bound vaults, Auto-updates

Security by design

Keys live in your hardware, not in a password you can forget or a server that can leak.

Device-bound by hardware

Each vault key is sealed inside the device’s TPM chip — non-exportable. Copy the files to another machine and they’re useless.

Remote wipe that can’t be dodged

The vault needs a key share the server only releases while your seat is active. Revoke it and the vault is sealed forever — even with the laptop in hand.

Works offline, no data loss

A leased key share sealed to your TPM unlocks offline within a grace window. Internet is only needed to activate — and a network failure never wipes data.

Wipe on failed attempts

After 10 wrong unlocks, keys are destroyed first, then vault files — unreadable even if interrupted.


One-time €20, or €20/year with remote lock & wipe.
