Zero-knowledge by architecture, not by policy

Security without compromise.

Eight principles, openly documented. End-to-end encrypted, forward secrecy by design, direct device-to-device by default. No email, no password, no central user database. Remio cannot see what Remio is not given the keys to decrypt — and the keys live only on your devices.

Whitepaper, page one

Eight principles, plainly stated.

Each principle below is anchored. Cite the numbers directly when you need a quick reference: the link in the corner of every card jumps to the dedicated section. These are not aspirations — they are the architecture as it ships today.

01
Zero-knowledge architecture

We cannot see what we are not given the keys to decrypt.

Encryption keys are derived between your devices through a modern key exchange. They never reach Remio. Our connection server only relays setup messages — and then steps out of the path entirely. Video, audio, keystrokes, mouse movements, clipboard, and file transfers flow directly between your devices, end-to-end encrypted. If a court order arrived tomorrow demanding our copy of your session, we would have nothing to hand over. That is not a policy choice. It is a property of the architecture.

02
No account, no target

No email, no password, no user database to breach.

Most remote desktop tools require an account: email, password, often a phone number, sometimes a payment method. Every one of those becomes a target the moment it lands on a vendor's server. AnyDesk reset every customer password after their February 2024 breach. TeamViewer's corporate network was compromised by APT29 in June 2024. Remio holds no central account database, so there is nothing to leak. Read the zero-account philosophy essay for the full reasoning. Pairing happens with a one-time 4-digit PIN displayed on your host screen — authorising a specific device, not an identity.

03
Direct device-to-device by default

Your data flows directly between your devices.

Standard remote desktop tools route every keystroke and every pixel through a vendor-controlled cloud — a structural middleman that can see everything. Remio establishes a direct connection between your client and your host. The connection server's only job is the handshake: it never touches your stream. When network conditions require an encrypted relay, the relay forwards already-encrypted packets it cannot read — the same bytes that would have crossed the open internet, just with one extra hop.

04
Bank-grade authenticated encryption

The same level of protection that guards banking and government traffic.

Every byte of your stream is wrapped in bank-grade authenticated encryption: a government-approved standard that simultaneously protects confidentiality (nobody else can read it) and integrity (nobody else can modify it without detection). The transport layer is the same kind of encryption that secures WhatsApp calls and Google Meet. The key strength is so large that brute-forcing it would take longer than the age of the universe with every supercomputer ever built running in parallel.

05
Perfect forward secrecy

Past sessions stay protected, even if a future key leaks.

Each session derives a fresh, single-use key through a modern key exchange. The key exists for the duration of that session and then disappears — not stored on disk, not stored on either device, not recoverable. If a long-term device credential were ever compromised in the future, your past sessions remain mathematically safe: the session keys that protected them are gone and cannot be reconstructed. The same key exchange is used by Signal, WireGuard, and the modern secure web.

06
Physical-presence pairing

A 4-digit PIN you read off the host screen.

To pair a new device, you read a one-time 4-digit PIN displayed on your host computer and type it into the client. The PIN is valid for a few minutes, can be used exactly once, and trusts a specific device — not an identity. There is no central authority granting access, no master key, no “forgot password” flow for an attacker to exploit. The trust model is closer to in-person key exchange than to a typical software account: you authorise by physical presence at the host.
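A minimal host-side model of the pairing rules described above (one-time, valid for a few minutes, bound to a specific device), as an added example that is not Remio's code or protocol. The `PairingOffer` class, the 180-second lifetime and the rule that a wrong guess also spends the PIN are assumptions made for illustration.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 180  # assumption: the page only says "a few minutes"


class PairingOffer:
    """Host-side state for one PIN shown on the host screen (hypothetical model)."""

    def __init__(self, now=None):
        now = time.monotonic() if now is None else now
        self.pin = f"{secrets.randbelow(10_000):04d}"  # CSPRNG; keeps leading zeros
        self.expires_at = now + PIN_TTL_SECONDS
        self.spent = False

    def redeem(self, submitted_pin, device_id, trusted_devices, now=None):
        """Trust device_id and return True only for a live, unspent, matching PIN."""
        now = time.monotonic() if now is None else now
        if self.spent or now >= self.expires_at:
            return False
        # Assumption: any attempt, right or wrong, spends the PIN. With only
        # 10,000 possible values, allowing retries would make guessing practical.
        self.spent = True
        if not hmac.compare_digest(submitted_pin.encode(), self.pin.encode()):
            return False
        trusted_devices.add(device_id)  # trust a specific device, not an identity
        return True


def demo():
    """Exercise each outcome with constructed device names and a fake clock."""
    trusted = set()
    first = PairingOffer(now=0.0)
    results = {"first_use": first.redeem(first.pin, "tablet-A", trusted, now=60.0)}
    results["replay"] = first.redeem(first.pin, "laptop-B", trusted, now=61.0)

    second = PairingOffer(now=0.0)
    wrong = f"{(int(second.pin) + 1) % 10_000:04d}"  # guaranteed mismatch
    results["wrong_guess"] = second.redeem(wrong, "laptop-B", trusted, now=10.0)
    results["after_wrong_guess"] = second.redeem(second.pin, "laptop-B", trusted, now=11.0)

    third = PairingOffer(now=0.0)
    results["expired"] = third.redeem(third.pin, "laptop-B", trusted, now=float(PIN_TTL_SECONDS))
    return results, trusted


if __name__ == "__main__":
    print(demo())
```

Only the first, in-time, correct submission adds a device; the replay, the attempt after a wrong guess and the expired attempt are all refused.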

07
Hardware-backed key storage

Your OS protects Remio's secrets with its own hardware.

Device credentials are stored inside each platform's secure vault — Keychain on Mac and iPad, Android's secure store, and the Windows credential vault. These vaults are protected by dedicated security hardware: the Secure Enclave on Apple devices, secure elements on Android, and the trust chip on Windows PCs. Even with full disk access to a stolen device, attackers cannot extract the credentials without the device unlock — which is itself biometric or PIN-protected by the platform.

08
Open, auditable protocol

Public schemas are the single source of truth.

Remio's communication protocol is defined in public schemas. The exact format is reproducible from the schema; every message type is documented; the same definition drives the apps on iPhone, iPad, Mac, Android, Windows, and the connection server. No proprietary obfuscation, no platform-specific divergence, no hidden message types. Anyone who wants to verify exactly what Remio sends between your devices can read the schema and the generated parsers — and confirm that the answer matches what we say it is.

Threat model in plain language

What changes when the vendor gets breached?

The biggest names in remote desktop have been compromised — putting millions of users at risk. The table below maps each scenario to what a Remio user actually loses, and why the answer is usually “nothing of yours.”

| | AnyDesk | TeamViewer | Remio |
| --- | --- | --- | --- |
| Where does your stream go? | Through their servers | Through their servers | |
| Required account? | Yes, ID-based account | Yes, mandatory account | |
| Can the vendor decrypt your session? | Technically possible | Technically possible | |
| Effect of a vendor breach | All users exposed (Feb 2024) | All users exposed (Jun 2024) | |
| Are past sessions safe if a key leaks? | Unclear | Unclear | |
| Can you audit the communication protocol? | No, proprietary | No, closed-source | |
| What telemetry is collected? | Usage analytics, device IDs | Usage analytics, account data | |

References — AnyDesk: production servers breached and code-signing certificates stolen, February 2024 (password reset issued to all customers). TeamViewer: corporate network breach attributed to APT29, June 2024 (employee credentials compromised, product integrity questioned).

Compliance and posture

Nothing to leak, nothing to report.

The strongest security posture is having no data to compromise. Independent audits and formal certifications are in progress for 2026, and the architecture is already aligned with GDPR by design.

Planned · 2026

Independent penetration test.

Professional code review and red-team engagement by a reputable security firm. A transparency report will be published when the engagement concludes — successes and findings both.

Planned · 2026

SOC 2 Type II.

Independent third-party audit of security controls, availability, and confidentiality — for IT teams and enterprise buyers who need formal verification rather than just architectural claims.

Roadmap

Bug bounty programme.

Responsible disclosure programme for security researchers, with structured rewards. Until launch, security reports go to security@remio.net — we read every one.

Reference

Full technical whitepaper.

Encryption details, threat model, direct device-to-device transport, pairing protocol, key lifecycle. For IT managers, security teams, and anyone evaluating Remio for a regulated workload.

Free, all features · no account · no card

Privacy should not be a premium feature.

Install the host on the computer you want to reach. Install the client on the device you want to reach it from. End-to-end encrypted, direct device-to-device, no cloud account. The eight principles above are how it ships, not where it is headed.

macOS, iOS, iPadOS, Windows, and Android. Free, all features.