Relay operational  ·  FRA · Hetzner DE

Encrypted transport
that burns itself.

Post-quantum. Client-side. RAM-only. Destroyed after one read.
No account. No storage. No trace.

Send a file free → Self-host in 60s ↓
Audited  ·  Open source  ·  EU jurisdiction
Get a free API key → 10 uploads/day  ·  no credit card  ·  30-second form
Active threat Harvest Now, Decrypt Later What is HNDL? →
Now
Harvest (active)
State actors archive encrypted traffic to decrypt later
2026–2028
Preparation
NIST FIPS 203/204 finalized. Transition becomes legally required
~2029
Q-Day
CRQC breaks RSA. The archive opens. Retroactive decryption
Why PARAMANT
Post-quantum
Encrypted before it leaves your device
ML-KEM-768 + AES-256-GCM. The relay never sees plaintext, keys, or filenames.
Zero storage
RAM-only. Destroyed after one read.
Nothing is written to disk. After download, the ciphertext is gone from every layer of the stack.
EU compliant
NIS2, NEN 7510, IEC 62443, eIDAS
Hetzner Frankfurt only. No US CLOUD Act. Data Processing Agreement available.
Free to start
Self-host in 2 minutes or use the managed relay
Community edition is free forever. Up to 5 users. Full source code on GitHub.
Full technical details →
How it works

Four steps. Nothing stored.

1
Encrypt client-side Your file is encrypted in the browser or CLI before it leaves your device. The relay never sees plaintext.
2
Transit via Ghost Pipe The ciphertext blob moves through the relay — padded to 5 MB, hashed into the Merkle log.
3
One-time download The recipient decrypts locally. On first download, the relay erases the blob from RAM.
4
Cryptographic proof The Merkle root is updated. Transfer is proven without storing what was transferred.
Zero friction

Send a file

Drop a file. Get a burn link. No account, no API key required.

Try now →
Verified E2E

ParaShare

ML-KEM-768 key exchange. Recipient verifies relay identity before download.

Try free →
Local transfer

ParaDrop

AirDrop alternative · no Apple · no cloud · burn-on-read.

Try now →
Use cases

One relay engine. Any sector.

Ghost Pipe solves the same core problem across every sector: confidential data transport that leaves no trace.

Healthcare NEN 7510

DICOM files that vanish after delivery

MRI scans reach the PACS system and burn. Nothing to audit, nothing to breach.

NEN 7510 compliance →
§ Legal & Notary eIDAS

Contracts that leave no recoverable trace

Document reaches the counterparty and burns. The Merkle log proves delivery without storing what was delivered.

eIDAS compliance →
Industrial IoT / OT IEC 62443

Sensor data without exposing your OT network

PLC → Ghost Pipe → SCADA. No VPN, no certificates, no direct IT connection.

IEC 62443 compliance →
Finance & Compliance NIS2

No US CLOUD Act. No metadata leakage.

Hetzner Frankfurt only. Fixed 5 MB padding means all transfers look identical on the wire.

NIS2 compliance →
Works today. No SDK required.
pip install cryptography  ·  two terminal commands  ·  no infra changes
View API docs →
Relay network

Ghost Pipe — real-time transport

Public feed. Every dot is an encrypted blob in transit across the relay network. Data is destroyed on arrival.

Relay pipeline
Relay
checking...
Health
checking...
Legal
Finance
checking...
IoT
checking...
Node map
EU/DE · Anycast
AMS planned FRA Hetzner DE ARN planned CDG planned ORD eval Fly.io planned
AMS
planned
FRA
live
ARN
planned
CDG
planned
ORD
eval
Fly.io
planned
Certificate Transparency Log — live
view all →
Log entries
Registered relays
STH
checking...
Current root
syncing...
SHA3-256 · tamper-evident · public
Recent activity
loading...
Every transfer hashed into a Merkle tree — content never stored
View live CT log → Verify this relay → Why post-quantum matters now → Try it for free →
Self-hosting

Run your own relay.

Source-available under BUSL-1.1. Free for up to 5 users. Works on a Raspberry Pi.

curl -fsSL https://paramant.app/install-pi.sh | bash or docker compose up -d
Full deploy guide →
Pricing

Simple pricing. Free to start.

Send files for free, no account required. Scale when you're ready.

FREE
€0
No account · no credit card · 10 uploads/day
  • ML-KEM-768 + AES-256-GCM
  • Burn-on-read — RAM only, never stored
  • 5 MB per file · 1-hour TTL
Send a file free →
PRO
Coming soon
Unlimited · webhooks · 24h retention
  • Unlimited uploads · 500 MB per file
  • 24-hour blob TTL
  • Webhooks & streaming
Get notified →
ENTERPRISE
Custom
Dedicated relay · SLA · compliance docs
  • Dedicated relay · on-premise option
  • IEC 62443 / NIS2 / NEN 7510
  • SLA 99.9% + priority support
Contact us →
See all plans and compare features →
License: BUSL-1.1 — source available  ·  view LICENSE