The night that started this
A few years ago a friend of one of us — a journalist who'd spent three years building an archive of leaked municipal corruption documents — lost the whole thing on a Tuesday.
No warrant. No court order. No notice. The hosting provider had received a phone call from a regional prosecutor in a country thousands of kilometres away, and the night-shift abuse team had clicked "suspend" because the form said the request was urgent. By the time the journalist's lawyer reached the right person, the volume had been zeroed.
We sat with that for a long time. Not because the legal mechanism worked — there was no legal mechanism — but because every provider we looked at had operations rules like that one. Polite suspension on any letterhead. No customer notification. No appeal. The terms-of-service page promised "your data is safe with us." The runbook said "comply with anything urgent."
The inverse
Default to refusing. Cooperate only when we are legally compelled by an actual judge with jurisdiction over us. Always — always — tell the customer first, so they can back up their data, rotate their keys, or just say goodbye on their own terms.
That posture has a few consequences that aren't really negotiable:
- We can't collect identity. A database we keep is a database that will be subpoenaed, breached, or quietly cooperative. The only way to be unable to hand over customer identity is to never have asked.
- We can't accept reversible payment. Card networks impose KYC by design; crypto doesn't. So crypto only.
- We can't host where abuse@ becomes a back door. Our hardware sits where the legal process is slower, more transparent, and more honest.
- We can't run a complaint mailbox. The first email is the wedge; soon it's a department, then a procedure, then a policy of preemptive suspension. We don't have a step one.
Who we are
A small team. Pseudonymous, by choice, because our names are not the relevant detail and because we'd rather keep ourselves out of the attack surface around the service. Between us we've spent two decades running infrastructure for newsrooms, harm-reduction sites, activist legal funds, dissident media, and a couple of file lockers nobody will ever take a photo of.
Geographically distributed. Operationally redundant. Boring engineering on purpose — the kind that doesn't need a 3 AM page from a clever feature.
We are not idealists. We are people who watched the industry slide into surveillance-as-a-service and decided to build something that runs the other way.
Constitutional protection, slow MLAT response, operators who understand.
Paris
EU-jurisdiction hub for EMEA. Owned hardware, AS-routed transit, mid-1ms peering to LINX & AMS-IX.
Operating since 2023
Reykjavík
Press-freedom statute on the books since IMMI. Geothermal-cooled hall, hard physical access protocol.
Newsroom & archive workloads
Zürich
Non-EU jurisdiction with strict due-process tradition. Tier-IV facility, separate operating entity.
High-availability workloads
Bucharest
EU member, slower legal cooperation channels by design. Cost-effective dedicated metal, dense uplink.
Dedicated & bulk storageWhere the hardware lives
We own the metal. No leased AWS instances rebadged as offshore. The servers sit in colocation facilities in jurisdictions chosen for their constitutional protections on speech, their slow MLAT response times, and the fact that their operators understand — from long, plain conversations — what we will and will not do.
Each location is independently legally sovereign, with separate operating entities where it makes sense. The redundancy is geographic and political, not just hardware-level.
The hardware itself is the same boring AMD EPYC silicon every competent hosting provider runs. We don't compete on novel chips. We compete on the operations posture around them.
What we promise
Honest things. Not the kind of promises an SLA buyer would want — we don't write contractual service credits for ourselves to argue our way out of. The kind of promises a person could trust.
-
i.
We will not surrender, suspend, or alter
…a service in response to anything that isn't a binding judicial order from a court that has jurisdiction over us.
-
ii.
We will challenge what deserves challenging
We will lose some of those fights. We will tell you when we do.
-
iii.
We will warn you before we act
Hours of grace, sometimes days — unless we're explicitly gagged by the order itself. When we are, we stop updating the canary.
-
iv.
We will never sell, share, or publish
No data about you. No “trusted partners”. No quiet terms updates while the lawyers aren't watching.
-
v.
We will keep the operations boring
Uptime, network performance, fair invoicing. The unusual posture is in the policy, not in the technology.
The limits we're honest about
We can't promise eternal hosting. Governments find ways. Datacenters change hands. Operators retire. What we can promise is that none of those transitions happen behind your back.
We can't fight every order. We can refuse to fold under any process that isn't actually one.
We have a single absolute rule, described in plain language on the acceptable-use page: child sexual abuse material. That is the only category we will not host under any circumstance, and it is the only situation in which the rest of these promises do not apply.
If you're tired of the rest of it
If you've been quietly waiting for a hosting provider that doesn't require you to pretend — pretend to be a sole-trader registered somewhere convenient, pretend the prosecutor's letter is a court order, pretend the abuse@ form-letter mill is anything other than a compliance shakedown — then welcome.
Top up a balance, pick a region, deploy a server. We'll be the quiet machine at the other end of the connection. That's all this is, and we think that's enough.
Numbered, but never identified.
