Everything you need.
Nothing they can read.

A deep dive into the technology that makes oh·my·doc the most private document manager available.

Your documents. Only yours.

End-to-End Encryption

Every document, every file name, every tag, and every search term is encrypted with AES-256-GCM before it leaves your device. The server stores only opaque ciphertext. Even if someone gains full access to the server and database, they see nothing but random bytes.

  • AES-256-GCM symmetric encryption
  • Argon2id key derivation (WASM)
  • Hierarchical key architecture
  • Automatic key zeroing on logout
Search everything. Share nothing.

Client-Side OCR

Text recognition happens entirely on your device. In the browser, Tesseract.js (WASM) processes your PDFs page by page. On iOS, Apple's Vision framework handles it natively. The extracted text is encrypted and stored as part of your search index — the server never sees a single word.

  • Tesseract.js (WASM) in the browser
  • Apple Vision on iOS
  • English & German language support
  • Non-blocking — OCR failure never blocks upload
Share a vault, not your keys.

Secure Sharing

Invite others to your encrypted spaces using X25519 cryptographic key exchange. The space's decryption key is encrypted specifically for each recipient's public key. The server facilitates the exchange but never sees the key in plaintext. Set granular permissions per member.

  • X25519 + XSalsa20-Poly1305 key exchange
  • Read, Edit, or Full Access permissions
  • Invite by email, secured by public key
  • Revoke access anytime
Your keys. Your backup.

24-Word Recovery Key

At registration, you receive a BIP39 mnemonic — 24 words that encode 192 bits of entropy. If you ever forget your password, these words let you derive a recovery key to decrypt your private key and set a new password. No server-side reset. No admin intervention. You hold the keys.

  • BIP39 mnemonic (192-bit entropy)
  • Displayed once, never stored
  • Works without server involvement
  • Full account recovery
Scan. Encrypt. Done.

Native iOS App

A purpose-built SwiftUI app with a built-in document scanner. Point your camera, and the app handles edge detection, perspective correction, and color optimization. Review your scans, reorder pages, then convert to PDF — all on-device. OCR runs through Apple's Vision framework. Encrypt and upload in one tap.

  • Document scanner with edge detection
  • Drag-to-reorder, rotate, crop
  • On-device OCR via Apple Vision
  • Full E2E encryption on iOS
Lightning-fast. Completely private.

Full-Text Search

Search across all your documents, tags, correspondents, and OCR text — instantly. Powered by Orama, an in-memory search engine that runs entirely in your browser. Relevance-boosted results with contextual snippets. The server never knows what you're looking for.

  • Orama in-memory search engine
  • Relevance boosting (name 3x, tags 2x)
  • Contextual result snippets
  • Runs entirely client-side
Tags, correspondents, views.

Smart Organization

Organize documents with encrypted tags and correspondents. Create custom views with saved filters and sorting. Everything is stored in encrypted space metadata — the server sees only ciphertext. New uploads are automatically tagged as Inbox, so nothing gets lost.

  • Encrypted tag & correspondent registries
  • Saved views with custom filters
  • Automatic Inbox tagging
  • Rename without re-indexing
Always in sync. Always encrypted.

Delta Sync

Efficient delta-based synchronization keeps your devices up to date. Only changed entries are transferred, each with a version number. The backend is always the source of truth. Local IndexedDB stores decrypted copies for instant search and display.

  • Versioned index entries
  • Fetch only deltas since last sync
  • Backend is source of truth
  • Soft-delete tombstones for consistency

Ready to take control of your documents?

Start for free. No credit card required.

Create Free Account