Your Secrets Deserve
a Secure Enclave, Not a Phone

Inklave is an air-gapped E-Ink tablet built around an EAL 4+ Secure Element, post-quantum encryption, and active defenses against physical coercion. No radios. No cloud. No compromise.

Air-Gapped Physically disconnected from all networks -- no WiFi, Bluetooth, cellular, or NFC hardware exists on the device.Biometric Auth Authentication using your unique biological traits (fingerprint), verified inside tamper-resistant hardware.Post-Quantum Encryption built on algorithms specifically designed to withstand attacks from quantum computers, not just classical ones.EAL 4+ Secure Element A tamper-resistant chip certified to EAL 4+ under Common Criteria, serving as the hardware root of trust that generates and protects all master keys.
The Threat Surface

Every Device You Trust
Is a Liability

The $5 Wrench Attack

The most effective attack requires no code at all. Physical coercion bypasses every password, every key, every encryption layer. Unless the device fights back.

Cloud Storage

Your files live on someone else's server. One breach, one subpoena, one rogue employee, and your secrets are gone.

Connected Devices

WiFi. Bluetooth. Cellular. NFC. Every radio is a door you can't lock. Your phone has dozens, always broadcasting.

Software Encryption

Encryption in software is only as strong as the OS beneath it, and your OS has millions of lines of attack surface.

The Solution

Two Devices.
One Unbreakable Pair.

A vault and its backup, engineered to work together and trust nothing else.

Inklave Tablet

See your secrets. Touch nothing else. An E-ink display with biometric access and hardware-encrypted storage that never connects to a network.

NXP i.MX8ULP An ultra-low-power applications processor from NXP Semiconductors, designed for battery-powered secure devices.OP-TEE Open Portable Trusted Execution Environment -- an open-source framework that creates an isolated secure world inside the processor.LUKS2 Linux Unified Key Setup v2 -- an open standard for full-disk encryption that protects all data at rest.PQC Post-Quantum Cryptography -- encryption algorithms designed to withstand attacks from future quantum computers.

Secure USB Drive

Backup that forgets on disconnect. Keys exist only in RAM and never touch persistent storage. Pull the plug and they're gone. No trace left behind.

JCOP 4.5 Java Card OpenPlatform 4.5 -- a secure runtime for smart cards and secure elements that runs isolated applets.P71D600 A tamper-resistant secure element chip from NXP, used to store and protect cryptographic keys in hardware.FIPS 140-3 A U.S. government security standard for cryptographic modules -- the highest bar for validating that hardware handles encryption correctly.
Capabilities

What Happens Inside the Tablet

Six capabilities that turn a tablet into a fortress. Select one to see it in action.

IDENTITY VERIFIED
SUNLIGHT READABLE
UNRECOVERABLE
REAL OR DECOY
NO RADIO
KEYS IN TEE
Architecture

Five Layers. Zero Trust.

Built outward from an EAL 4 AVA_VAN certified Secure Element , the hardware root of trust at the heart of every Inklave. To reach your secrets, an attacker must defeat all five layers. In person, with the device in hand.

54321
05

Air Gap

The outermost layer is the absence of a door. Inklave carries no WiFi, Bluetooth, cellular, or NFC hardware, so there is no network stack to exploit and no signal to intercept. An attacker cannot reach the device remotely from across the room or across the world. They have to be standing next to it.

NO RADIO HARDWARE The device contains zero wireless transmitters or receivers -- no WiFi, Bluetooth, cellular, or NFC chips exist on the board.PHYSICAL ISOLATION Security achieved by physically disconnecting a device from all networks, not just turning radios off in software.NO REMOTE SURFACE With no network hardware, there is literally no way for a remote attacker to reach the device over any wireless or wired network.
04

Biometric Gate

Even holding the device, an attacker meets the next wall. Your fingerprint is matched inside the Trusted Execution Environment, never in general-purpose software, so there is no login screen to brute force and no token to steal. No fingerprint, no entry, and no software path around it.

TEE-VERIFIED MATCH Biometric matching performed inside the Trusted Execution Environment, never exposed to general-purpose software.NO SOFTWARE BYPASS The security check runs in hardware-isolated firmware -- no software update or exploit can skip it.ANTI-SPOOF Countermeasures that detect fake fingerprints or replayed biometric data, ensuring only a live finger is accepted.
03

Dual-Layer Encryption

Should someone desolder the flash and read it directly, they find only ciphertext. Two layers deep: LUKS2 full-disk encryption seals the filesystem, then a NIST-standardized post-quantum cryptographic layer wraps every secret on top. No homegrown crypto anywhere in the stack -- only publicly vetted, standardized algorithms, the same open-standards philosophy behind LUKS2 and OP-TEE. The keys never leave the Secure Element. The raw chip is useless without the silicon that guards them.

LUKS2 FULL DISK Full-disk encryption using LUKS2, meaning every byte on the storage medium is encrypted at rest.NIST-STANDARDIZED PQC A post-quantum encryption layer using NIST-standardized, publicly vetted algorithms, layered on top of LUKS2 to resist both classical and quantum attacks.KEYS IN SECURE ELEMENT Encryption keys are generated and stored exclusively inside the Secure Element chip -- they never exist in main memory or software.
02

Trusted Execution

The decryption itself happens in a walled-off secure world. OP-TEE partitions memory so that the normal operating system can never observe the keys in use, even if that OS is fully compromised. Secrets are processed in a room the rest of the system is not allowed to enter.

OP-TEE SECURE WORLD The isolated execution domain created by OP-TEE, completely separated from the normal operating system.MEMORY PARTITIONING Dividing the processor’s memory into isolated regions so the normal OS can never access secure data.ISOLATED RUNTIME A separate execution environment where sensitive code runs, invisible to the main operating system.
01

Secure Element

The heart of the entire system. An EAL 4 AVA_VAN certified, tamper-resistant chip that serves as the hardware root of trust. Every master key is generated and stored inside this silicon, physically resistant to probing, fault injection, and side-channel attacks. The Secure Element is the reason every other layer holds: without it, there are no keys, no decryption, no data. Reach this, and you face a vault designed to destroy its own contents before surrendering them.

EAL 4 AVA_VAN CERTIFIED Evaluation Assurance Level 4 with AVA_VAN (Vulnerability Analysis) -- a Common Criteria certification proving the chip resists skilled attackers with significant resources.HARDWARE ROOT OF TRUST A dedicated chip that anchors the entire security chain -- if this chip hasn’t been compromised, nothing above it can be either.TAMPER RESISTANT Physically designed to destroy or erase keys if someone tries to open, probe, or reverse-engineer the chip.
For the Uncompromising

Built for Those Who Can't
Afford Compromise

Some things are too valuable for the cloud. Too private for a password manager. Too important to leave to chance.

01

Protect Your Digital Wealth

You hold the keys to a fortune in crypto. If something happens to you, those keys vanish permanently. No exchange can recover them. No lawyer can subpoena them. They simply cease to exist. Unless they’re on Inklave.

  • Seed Phrases & Private Keys
  • Exchange Credentials
  • Cold Storage Backup
BTC Seeds Bitcoin seed phrases -- the 12-24 word recovery key that controls access to a Bitcoin wallet.
ETH Wallet An Ethereum wallet containing private keys used to sign transactions and control crypto assets.
Private Keys Cryptographic keys that prove ownership of digital assets -- anyone who holds them controls the funds.
Recovery Codes One-time backup codes used to regain access to accounts when primary authentication is lost.
2FA Secrets Shared secrets used by two-factor authentication apps (TOTP) to generate time-based login codes.
Exchange Logins Credentials for cryptocurrency exchange accounts where assets are traded or held in custody.
02

Secure Your Legacy

Three bank accounts. A safety deposit box. Twenty years of passwords. Gold in a vault your children don’t know about. If something happens to you tomorrow, your family inherits confusion, or worse, nothing. Inklave turns inheritance into a handoff, not a scavenger hunt.

  • Estate Instructions
  • Account Credentials
  • Family Records
Bank PINs Personal identification numbers for bank accounts, debit cards, and financial access.
Passwords Login credentials for online accounts, services, and platforms accumulated over a lifetime.
Property Deeds Legal documents proving ownership of real estate, land, or other titled property.
Gold Holdings Records of physical gold, bullion, or precious metal holdings stored in vaults or safe deposit boxes.
Estate Documents Wills, trusts, power-of-attorney forms, and other legal instruments governing inheritance.
Insurance Policies Life, property, and liability insurance documents that beneficiaries need to file claims.
03

Defend Your Privacy

A vindictive ex. A stalker. A border crossing in the wrong country. Some threats don’t come from hackers. They come from people who already know your name. Inklave’s dummy mode shows a clean device on command. The real contents stay invisible, even under duress.

  • Plausible Deniability
  • Duress Protection
  • Hidden Volumes
Identity Documents Passports, government IDs, social security numbers, and other personal identification records.
Private Comms Sensitive personal communications -- messages, emails, or recordings meant to remain confidential.
Dummy Mode A decoy operating mode that presents a clean, empty device while hiding the real encrypted contents.
Panic Wipe An emergency key sequence that instantly destroys all data on the device when entered under duress.
Medical Records Protected health information (PHI) including diagnoses, prescriptions, and treatment history.
Location Data GPS coordinates, travel history, and location logs that could reveal movements or safe houses.

One device. Every secret. Zero exposure.

Early Access

Take Control of Your Security

Inklave is in active development. Join the waitlist for early access and founder pricing.

No spam. Unsubscribe anytime.