Giblex exists for sovereignty.
We started because privacy tooling was fragmented, cloud-dependent, and powered by business models built on data extraction. Giblex is the countermeasure — a modular ecosystem that gives people an intentional way to secure identity, data, workflow, and private intelligence without defaulting to cloud trust.
A countermeasure, not just another app brand.
Every mainstream privacy tool eventually bends toward convenience at the cost of control. Giblex was designed from the ground up with a different constraint: the user holds the keys, the data stays local, and recovery does not require trusting a third party.
People who take digital autonomy seriously.
Privacy-conscious individuals, security professionals, clinicians handling sensitive data, developers building on top of secure foundations, and organisations that need auditable, local-first infrastructure they actually control.
Four commitments that define every product decision.
Local-first
Data lives on your device. Cloud sync is opt-in and encrypted, never default. You should not need an internet connection to access your own information.
Zero-trust
No implicit trust between components. Every session opens intentionally, every access event is verifiable, and hardware anchors enforce boundaries.
Transparency
Open-source where possible. Public security architecture. SBOM with every release. If we cannot explain how it works, we do not ship it.
Human-centred
Security tools that real people can actually use. No 40-step setup. No jargon-only interfaces. Privacy should be normal, not premium.
Transparent by default. Auditable by design.
We publish source code, cryptographic implementations, build pipelines, and SBOMs on GitHub. Anyone — security researchers, enterprise buyers, or curious developers — can inspect exactly what our software does.
Why open source matters
Closed-source security tools ask you to trust the vendor. Open-source security tools let you verify the vendor. Every cryptographic primitive, every data flow, every access boundary in the Phantom Suite is published and reviewable.
- Full source for vault encryption, key derivation, and attestation
- Public CI/CD pipelines — what you build matches what we ship
- Software Bill of Materials (SBOM) with every release
- Issue tracking, changelogs, and contribution guidelines
Code you can read
Here is how Phantom Obscura derives encryption keys — HKDF-SHA256 with domain separation ensures each key path is cryptographically independent.
// HKDF-SHA256 key derivation with domain separation
// Hand-rolled Extract + Expand via HMACSHA256
public static byte[] Sha256(
byte[] ikm, byte[] salt, byte[] info,
int len = 32)
{
using var hmac = new HMACSHA256(salt);
var prk = hmac.ComputeHash(ikm);
hmac.Key = prk; // re-key for Expand
var block = hmac.ComputeHash(
info.Concat(new byte[] { 1 }).ToArray());
return block[..len];
}
// Per-container and per-file key derivation
var cek = Hkdf.Sha256(masterKey, salt,
"container::cek"u8.ToArray());
var kek = Hkdf.Sha256(masterKey, salt,
"kek"u8.ToArray());From concept to ecosystem.
Research phase: identifying gaps in local-first privacy tooling and defining the trust model that would become Phantom Suite.
Core cryptographic architecture finalised. Phantom Obscura prototype built with AES-256-GCM + ChaCha20-Poly1305 layered vault.
Phantom Attestor, Recovery, Examiner, and Key join the ecosystem. Giblex Assistant enters development as the contained intelligence layer.
Brand site, waitlist, product language, and the full hierarchy between company, suite, and assistant — ready for early adopters and enterprise pilots.
Interested in building with Giblex?
We are looking for early partners, security-minded testers, and people who believe digital autonomy should be normal.