Skip to main content
CryptPad logo

CryptPad

Verified

“French through and through β€” and the server can't read your data anyway.”

Operating HQ
πŸ‡«πŸ‡· Paris, France
where it's run
Legal domicile
πŸ‡«πŸ‡· France (SAS)
where it's incorporated
Founded
2004
Ownership
Employee-owned
Workforce
70+
Encryption
Zero-knowledge
94/100
Sovereign: Yes
Control ↑
95
Data β†’
93

94 = midpoint of Control 95 & Data 93

ConfidenceHigh (88%)

Sovereignty Quadrant

Control ↑ who owns & governs the company  Β·  Data β†’ where your data lives. Every dot is a company β€” click to open it.

Where your data lives β†’ Who controls the company β†’ 7 companies Β· fully non-EU (0/0) TikTok β€” Data 32, Control 24 Google β€” Data 16, Control 14 Youtube β€” Data 14, Control 16 Ionos β€” Data 90, Control 90 Disneyplus β€” Data 16, Control 12 Telegram β€” Data 34, Control 14 Carrefour β€” Data 100, Control 32 Corriere β€” Data 100, Control 100 Microsoft β€” Data 26, Control 14 Amazon β€” Data 14, Control 10 Amazon β€” Data 66, Control 0 Reddit β€” Data 14, Control 10 Netflix β€” Data 24, Control 20 LinkedIn β€” Data 14, Control 16 Reuters β€” Data 26, Control 0 Pinterest β€” Data 12, Control 12 Discord β€” Data 16, Control 20 AliExpress β€” Data 18, Control 12 Twitch β€” Data 18, Control 16 Samsung β€” Data 62, Control 4 Canva β€” Data 24, Control 20 Spotify β€” Data 30, Control 68 Apple β€” Data 16, Control 16 GitHub β€” Data 16, Control 10 Uber β€” Data 16, Control 16 Salesforce β€” Data 20, Control 14 Deepl β€” Data 70, Control 78 Airbnb β€” Data 18, Control 18 Shopify β€” Data 18, Control 18 Mastercard β€” Data 36, Control 16 Dropbox β€” Data 14, Control 10 HubSpot β€” Data 24, Control 10 Notion β€” Data 22, Control 16 Stripe β€” Data 30, Control 30 Zalando β€” Data 52, Control 88 Figma β€” Data 18, Control 10 SAP SE β€” Data 68, Control 78 Atlassian β€” Data 18, Control 18 Proton β€” Data 72, Control 54 Miro β€” Data 100, Control 44 Klarna β€” Data 44, Control 42 Ecosia β€” Data 60, Control 92 Zoom β€” Data 20, Control 14 Adyen β€” Data 84, Control 84 GitLab β€” Data 26, Control 14 Slack β€” Data 14, Control 20 Hetzner β€” Data 84, Control 96 Deezer β€” Data 62, Control 66 Typeform β€” Data 100, Control 52 OVHcloud β€” Data 82, Control 94 Tutanota β€” Data 100, Control 100 BlaBlaCar β€” Data 54, Control 76 Qwant β€” Data 56, Control 88 Bitwarden β€” Data 28, Control 20 Contentful β€” Data 34, Control 48 Personio β€” Data 34, Control 58 Ikea β€” Data 34, Control 100 Whatsapp β€” Data 14, Control 12 Instagram β€” Data 28, Control 22 X β€” Data 14, Control 16 Avast β€” Data 60, Control 0 Paypal β€” Data 24, Control 32 Kaspersky β€” Data 56, Control 0 Dailymotion β€” Data 100, Control 74 Snapchat β€” Data 12, Control 14 Nextcloud β€” Data 88, Control 94 Tresorit β€” Data 52, Control 62 93 95 CryptPad
CryptPad β€” verified peers β€” automated estimate (0–50 pillars, normalized)

Every number below traces to 13 sourced facts across 4 independent sources, last verified 2026-06-12. 3 open questions hold confidence at 88% β€” they lower confidence, never the score.

Control ↑

Who legally and economically controls the company

95/100
6 facts Β· 3 sources Β· high confidence
Legal & Jurisdiction
95

Incorporated and operated entirely in France. XWiki SAS is a French sociΓ©tΓ© par actions simplifiΓ©e, registered in the Paris Trade & Companies Register, with no foreign parent. EU law (GDPR, CNIL) reaches it directly and there is no competing foreign jurisdiction over the operating entity.

Why 95? 3 sourced facts · click to expand
XWiki SAS, RCS Paris 477 865 281

Legal form and registration

XWiki Legal Notice Β· as of 2026-06-12

4 Rue du Faubourg Poissonnière, 75010 Paris

Registered office in France

XWiki Legal Notice Β· as of 2026-06-12

FR jurisdiction

Operates under EU/French data-protection law (GDPR, CNIL)

Privacy Guides β€” CryptPad Review Β· as of 2025-02-07

Control & Ownership
95

Privately held and employee/contributor-owned. XWiki SAS states all shareholders are employees, ex-employees, or open-source contributors; the company is not listed and explicitly does not report to external investors. Both voting control and economic interest sit in the EU.

Why 95? 3 sourced facts · click to expand
Employee & contributor owned

Shareholders are employees/ex-employees/OSS contributors

XWiki β€” Who We Are Β· as of 2026-06-12

No outside VC/PE

Independent; no external financial-only investors

XWiki β€” Who We Are Β· as of 2026-06-12

Founder-led, private

Founded 2004 by Ludovic Dubost (CEO)

XWiki Legal Notice Β· as of 2026-06-12

Data β†’

Where your data lives and who can reach it

93/100
7 facts Β· 4 sources Β· mixed confidence
Data & Infrastructure
92

User data lives on OVHcloud, a French-owned provider, in French datacenters β€” not a US hyperscaler. Critically, CryptPad's zero-knowledge end-to-end encryption means content is encrypted in the browser and is unreadable by the server, so even a CLOUD Act-style demand to the host would yield ciphertext, not documents. Caveat: operators can still see metadata (IP, activity).

Why 92? 4 sourced facts · click to expand
OVH SAS, RCS Roubaix–Tourcoing 424 761 419

Hosting provider is OVH (French company)

XWiki Legal Notice (hosting section) Β· as of 2026-06-12

Zero-knowledge E2EE

Content encrypted in browser; server/admins cannot read it

CryptPad β€” About Β· as of 2026-06-12

XSalsa20-Poly1305, Ed25519

Encryption primitives

Privacy Guides β€” CryptPad Review Β· as of 2025-02-07

Metadata exposure

Operator can still see metadata (IP, activity)

Privacy Guides β€” CryptPad Review Β· as of 2025-02-07

Operations & People
95

Operations are EU-centered: HQ in Paris with a second office in IaΘ™i, Romania, 70+ staff across France and Romania, a French CEO/founder, and EUR reporting (share capital stated in euros). No meaningful operational center of gravity outside the EU.

Why 95? 3 sourced facts · click to expand
FR + RO workforce

70+ employees across France and Romania

XWiki β€” Who We Are Β· as of 2026-06-12

Paris + IaΘ™i

Offices in Paris (FR) and IaΘ™i (RO)

XWiki β€” Who We Are Β· as of 2026-06-12

EUR reporting

Euro-denominated company (share capital €38,160)

XWiki Legal Notice Β· as of 2026-06-12

Aligned to the EU Commission’s official Cloud Sovereignty Framework (SEAL, Jun 2026) β†’

What we don’t know 3 open questions β€” they lower confidence, never the score
  • ?

    Exact split of where CryptPad.fr user data physically sits within OVHcloud (which French/EU datacenter region).

    Low β€” provider is French-owned and EU-located either way, and content is E2EE; precise region would only refine the infra score.

  • ?

    Whether any third-party (US-based) analytics, payment, or CDN processors touch cryptpad.fr (e.g. for the paid Cloud subscription billing).

    Medium β€” non-core processors could introduce limited foreign-law exposure for metadata/billing, though not document content.

  • ?

    Current precise headcount split between France and Romania, and any non-EU contractors.

    Low β€” both stated locations are in the EU; would not change the operations verdict.

EU Cloud Sovereignty Framework lens

SEAL was designed to score cloud service providers; CryptPad is applied here as an analogous mapping for sovereignty signaling, not as a formal SEAL certification.

Strategic

Independent EU company, mission-aligned employee ownership, no foreign control or investor exit pressure.

strong

Legal & jurisdictional

French SAS, RCS Paris registered; squarely under GDPR/CNIL with no competing foreign jurisdiction over the operating entity.

strong

Data & AI

Zero-knowledge E2EE means content is unreadable by the server; no AI-data harvesting business model.

strong

Operational

HQ Paris + office IaΘ™i; 70+ staff entirely within EU (FR/RO); EUR reporting.

strong

Supply chain

Core hosting on French-owned OVHcloud; potential minor non-EU processors (billing/CDN) for the paid Cloud tier are unverified.

moderate

Technological

Fully open-source (AGPL-3) client and server; self-hostable, removing any single-operator dependency.

strong

Security & compliance

Strong audited-style crypto (XSalsa20-Poly1305, Ed25519) and GDPR posture; metadata (IP/activity) still visible to operator, and no public formal certification (e.g. ISO 27001) confirmed.

moderate

Environmental sustainability

No verified data on energy sourcing or carbon reporting found for XWiki SAS or its OVHcloud footprint.

not assessed
EU alternatives
πŸ‡©πŸ‡ͺ Nextcloud nextcloud.com EU-controlled

German open-source collaboration/office suite; self-hostable, widely used in EU public sector. Different model (not zero-knowledge by default) but a strong EU peer.

πŸ‡ΊπŸ‡Έ Skiff (discontinued) skiff.com not an EU alternative

Former E2EE docs competitor β€” US-based and shut down after acquisition by Notion; listed only as a cautionary non-EU contrast.

πŸ‡¨πŸ‡­ Tresorit tresorit.com with caveats

Zero-knowledge encrypted collaboration with strong privacy law, but Swiss (not EU) and owned by Swiss Post; adequacy-based rather than EU-internal.

How the method works

Methodology v2 (provisional): the score is the midpoint of two axes β€” Control (who owns and governs the company) and Data (where your data lives and who can reach it). Each axis is scored only on verified evidence; unknowns reduce confidence, never the score. Every input below is sourced; the weights and judgments are open to challenge.

Spotted an error? Every claim is sourced β€” challenge it and we correct the record.
  • 2026-06-12 β€” Initial golden profile, authored from primary sources (human + AI review).

Report Incorrect Data

Found an error in this company's profile? Help us improve our data by submitting a correction.

Required so we can follow up if needed. We won't share your email.

Verified 2026-06-12 Β· Human + AI joint review (sources independently checked) Β· Methodology