# UltimaOS (uOS)

> A private, post-quantum encrypted personal workspace that runs entirely in your browser. Chat, mail, files, notes, documents, spreadsheets, presentations, kanban boards, calendar — together in one familiar workspace where the most sensitive data is end-to-end encrypted with NIST-standardized post-quantum cryptography. Invite-only, zero cookies, zero tracking, no password database. Built and hosted in the European Union.

UltimaOS (uOS) is a web-based personal operating system focused on privacy and accountability. There is no open registration — every account is created through a personal invitation, which keeps the network free of anonymous strangers, bot armies, and spam. Private keys are derived in the user's browser from three secrets that never leave the device, so there is no password database that can be breached.

The product is in active development (alpha / closed beta). Early access is free.

## What uOS is

A single browser tab that replaces a stack of separate services: messaging, mail, file storage, notes, to-dos, documents, spreadsheets, presentations, kanban boards, calendar, an AI assistant, an app studio, and a marketplace of community-built apps.

Every member can spin up their own **platform** — an isolated workspace with its own name, branding, members and app selection — for a family, club, neighbourhood, company, or builder community.

## Cryptography

uOS uses 100% post-quantum cryptography. There is **zero RSA and zero elliptic-curve cryptography** anywhere in the system.

- **ML-DSA-65 (FIPS 204)** — digital signatures (1952-byte public keys)
- **ML-KEM-768 (FIPS 203)** — key encapsulation (1184-byte public keys)
- **XChaCha20-Poly1305** — symmetric authenticated encryption
- **HKDF-SHA256** — domain-separated key derivation
- **Argon2id** — password-derived material
- **AES-256-GCM** — local browser cache encryption (IndexedDB vault)

Communication is **WebSocket-first**: HTTP is used only for the initial login handshake.
All other authenticated operations — chat messages, file transfers, mail, board edits, AI calls — go through a signed WebSocket. Every WS message is signed with ML-DSA-65.

## What is and isn't end-to-end encrypted

uOS is deliberately precise about this:

- **End-to-end encrypted** (server stores ciphertext only, cannot read): chat messages and attachments, internal mail (uMail), file contents **and file names**, notes, to-do lists, collaborative documents (uDoc), spreadsheets (uSheet), presentations (uPresent), and kanban boards (uBoards).
- **Processed server-side today** (encryption on the active roadmap): calendar. We will keep stating clearly which is which at any time.
- **One honest exception**: when a user invokes the AI assistant or the chat translator, the text in that request is processed in plaintext by the chosen AI provider so it can produce an answer. It is always explicit and opt-in, and the AI provider is the user's (or platform admin's) choice.

## Identity, login and recovery

- **Three-secret login.** Instead of a password, users sign in with three secrets that only they know. The browser turns those secrets into the user's cryptographic keys on the device — nothing is sent to the server, and there is no password database to leak.
- **No central credential store.** The server holds public keys only.
- **3-of-5 recovery.** uOS gives each user five key-files; any three together reconstruct the account. Users keep them wherever they like (USB stick, drawer, personal cloud, trusted people) — there is no recovery custodian in the middle.
- **Sessions are RAM-only.** Browser storage (localStorage/sessionStorage) is actively wiped on every page load; session state exists in memory only.

## Multi-platform architecture

Every user can create and own multiple **platforms** — fully isolated workspaces with their own name, branding, members, admin roles and app selection. A user can belong to several platforms (e.g.
personal, family, employer, club) and switch context instantly, but the platforms never share data with each other. Platform IDs are server-issued UUIDs.

Use cases highlighted on the site:

- **For your family** — photos, chats, shopping lists, family calendar in your own private corner of the internet.
- **For your club or community** — sports clubs, choirs, neighbourhoods, organised without the group-chat chaos.
- **For your company** — bulk-invite a whole team into a private encrypted workspace with chat, docs, boards, files and calendar in minutes.
- **For builders** — create apps in Studio and share them with other platforms through the Marketplace.

## Apps

- **uChat** — End-to-end encrypted messaging with voice messages, reactions, attachments, and built-in translation into 26 languages.
- **uMail** — Private mail, end-to-end encrypted.
- **uFiles** — Encrypted cloud drive; even **file names** are encrypted. Sharing re-encrypts the filename for each recipient with their ML-KEM-768 key.
- **uNotes** — Private, pinned, colourful notes — unreadable to anyone but the owner.
- **To-dos** — Encrypted to-do lists with due dates and priorities.
- **uDoc** — Documents inside the workspace (no separate office suite).
- **uSheet** — Spreadsheets for budgets, plans and lists.
- **uPresent** — Presentations built in the browser.
- **uBoards** — Kanban boards with cards, labels, assignees, due dates, comments, attachments.
- **Calendar** — Events, reminders, and calendars shared with chosen people.
- **uAI** — AI assistant in every app. Bring your own AI: in-house model, private cloud deployment, or a commercial API on your own key.
- **uStudio** — Describe an app in plain words and Studio builds it; deploy it to your platform or publish it through the Marketplace.
- **uBrowse** — Internal browser for uStudio-published sites and internal pages.
- **uMarket** — Marketplace of community-built apps.
- **uContacts**, **uNews**, **uLine**, and more arriving as the platform grows.

## AI on your terms

AI assistance is built into the workspace, but the AI **provider is the user's or platform admin's choice**:

- **Your in-house model** on your own infrastructure (your endpoint, your logs).
- **Private cloud deployment** (dedicated instance, chosen region).
- **Commercial API on your own key** (OpenAI-compatible or Anthropic).

Prompts go where the platform's policy says they go — never through a provider the user did not choose. Stored content remains end-to-end encrypted regardless of which AI is connected.

## Privacy guarantees

- **Zero cookies, zero tracking, zero third-party analytics** on the workspace surfaces.
- **No password database** — keys are derived in the browser; the server stores public keys only.
- **Private keys never leave the device** — they live only in volatile memory.
- **Browser storage is wiped on boot** — `localStorage` / `sessionStorage` are explicitly not used.
- **Your data is never sold.**
- **Built and operated in the EU**, GDPR compliant by architecture.

## uOS for Business

A focused offering for organisations:

- **A platform, not a tenant** — full isolation: your members, branding, app selection, admin roles, data.
- **Invitation-based membership** — verified identities, no anonymous accounts, clear chain of accountability.
- **Post-quantum by default** — addresses the "store now, decrypt later" threat model regulators are starting to ask about.
- **Bring-your-own AI** at platform level.
- **Fast adoption, not migration projects** — nothing to install, no MDM packaging, familiar UX, extensible with Studio.
- Onboarded individually during early access; free while in early access; transparent pricing for commercial platforms afterwards.

Compliance highlights: GDPR compliant · zero cookies · NIST FIPS 203 / 204 cryptography · no password database · data never sold · built in the EU.
## Where to go

- **Public landing page:** https://uos.sh/
- **For organisations:** https://uos.sh/business/
- **Public demo (no signup):** https://uos.sh/demo/
- **Sign in:** https://uos.sh/login
- **Request an invite:** contact form on the landing and business pages

## Status

- Closed beta (invite-only)
- Free during early access
- Web-only (Chrome, Firefox, Safari, Edge); an optional desktop tray agent is available for download to enable native desktop notifications

## What this site is not

- Not open source — proprietary, protected commercial codebase
- Not advertising-supported — no ads, no tracking, no data resale
- Not federated — single-operator architecture (data is end-to-end encrypted, but the platform itself is hosted by UltimaOS)

## Contact

- General inquiries: contact form at https://uos.sh/
- Business inquiries: contact form at https://uos.sh/business/