We built Myximus on a simple principle: a privacy company that can hand over your data isn't a privacy company. So we built one that can't.
We don't ask you to trust us. We ask you to read the architecture. Click any claim to see how it works.
Every Myximus mailbox is encrypted on disk using Dovecot's mail-crypt plugin with per-user EC keys (secp521r1). Your key is generated from your password at account creation and never stored in plaintext. The mailbox on disk is ciphertext. Without your password — even with full server access, even with root — the stored mail cannot be read. We verified this: accessing an encrypted mailbox without the password returns "Private key not available."
We run our own mail infrastructure: Postfix for sending, Dovecot for storage, Roundcube for the web interface. No Microsoft, no Google, no relay through any third party. Email travels encrypted in transit (TLS enforced). Email at rest is encrypted per-user. If you reset your password, a new key is generated — old mail encrypted under the old key cannot be recovered. That's not a limitation. That's the guarantee.
We want to be precise about what this means: incoming email is plaintext during delivery, and webmail decrypts server-side during your active session. This is encryption at rest — the strongest protection against stolen hardware, compromised backups, and physical server seizure. True end-to-end encryption (where even active sessions are opaque to the server) is a larger project on our roadmap.
Myximus Vault runs on Vaultwarden — a self-hosted implementation of the Bitwarden protocol, which is open source and independently audited. Your master password never leaves your device. All encryption and decryption happens locally in your browser or app.
What we store on our server is an encrypted blob. Without your master password, it's meaningless data. We cannot decrypt it. Law enforcement cannot ask us to decrypt it. It is mathematically locked to you.
Every search you run on Myximus goes through SearXNG — an open-source metasearch engine running entirely on our server. When you search, SearXNG queries multiple sources on your behalf, aggregates the results, and returns them to you. The sources never see your IP address. We never log your queries. There is no profile being built.
Compare that to Google, where every search is stored, associated with your account, used to build an advertising profile, and retained indefinitely. On Myximus Search, by the time results appear on your screen, the query is already gone.
Most websites load 10–30 third-party scripts the moment you visit — analytics, advertising pixels, social tracking buttons, chat widgets. Each one is a company watching you browse. We audited every resource on myximus.com and removed all of them.
We use Umami — a self-hosted, cookie-free analytics tool that runs on our own server. It tells us how many people visit and which pages are popular. It doesn't know who you are, doesn't set cookies, and doesn't share data with anyone. We use it to improve the product, not to profile users.
Policies can be ignored. Architecture cannot. We made deliberate choices at every layer of the stack so that security is the default, not something that depends on the right person following the right procedure.
The backend runs as a non-root system user — even if an attacker compromises the application, they cannot access system files. Rate limiting is enforced at the nginx layer before requests reach any code. Our DNS has a CAA record that restricts SSL certificate issuance to Let's Encrypt only — no certificate authority can issue a fraudulent cert for myximus.com. Vaultwarden is pinned to a specific version with all known CVEs resolved.
When you reset your password, we don't store the reset token — we store a SHA-256 hash of it. The token itself only ever lives in the email we send you. It expires in 15 minutes and cannot be used twice. Your recovery email is encrypted in our database using AES-256-GCM — we store the ciphertext, not your backup address in plaintext.
The password reset process updates your mailbox credentials through a locked privilege-separation helper — a root-owned script that does exactly one thing and can be audited line by line. The application layer never touches system files directly.
We run nightly backups at 3am UTC — Postgres database, Docker volumes, and all service data — with 7-day retention. DigitalOcean runs weekly automated snapshots as an independent layer. We verify backup integrity after each run.
More importantly: your data is portable. If you ever want to leave Myximus, we will help you export everything. Your vault exports to the standard Bitwarden format, readable by dozens of apps. Your email exports to standard IMAP. Your documents export to open formats. We don't believe in lock-in. A product that keeps users by making it hard to leave isn't a product people chose — it's a trap.
This isn't an attack. It's a comparison of architectural choices and what they mean for you.
| Typical Big Tech provider | Myximus | |
|---|---|---|
| Who holds your encryption keys | Them. They can decrypt your data on request. | You. We derive keys from your password. We never have them. |
| Email storage | Plaintext or provider-encrypted (they hold the key). | Encrypted at rest, per-user EC key derived from your password. Unreadable from stolen disk or backup without it. |
| Search queries | Logged, stored, used to build your ad profile. Retained indefinitely. | Not logged. Not stored. Gone when results appear. |
| Analytics and tracking | Google Analytics, ad pixels, fingerprinting on every page. | Self-hosted Umami. No cookies. No third-party scripts. Zero. |
| Government data requests | Can comply with readable data. Some providers publish transparency reports. | Can hand over the server and encrypted mailboxes. Cannot hand over readable mail — the keys are derived from user passwords we don't hold. |
| Revenue model | Your attention and data are the product. | Your subscription is the product. Your data is yours. |
| Data portability | Export is possible but deliberately cumbersome. | Standard formats. Export anytime. We'll help. |
| Infrastructure dependencies | Often built on AWS, GCP, or Azure — more Big Tech underneath. | Self-hosted on our own server. No Big Tech infrastructure underneath. |
We believe the technically curious deserve to check our work. Here's where to look.
Open DevTools in your browser → Network tab → reload this page. Count the third-party requests. The answer should be zero. If it isn't, email us immediately.
Look up the CAA record for myximus.com. It restricts certificate issuance to Let's Encrypt only. No rogue certificate authority can issue a valid cert for our domain.
The Bitwarden protocol is open source and independently audited. Vaultwarden is a community-maintained implementation. Both are publicly reviewable on GitHub.
SearXNG is fully open source. The instance running at search.myximus.com uses the standard configuration with logging disabled. Source available on GitHub.
Send us a security question at care@myximus.com. Ask us to prove we can't read your email. We'll explain exactly why our architecture makes it technically impossible.
Use Myximus Scanner to check your own device. The scan runs locally — results never leave your machine unless you choose to act on them.