Guides/Sensitive docs
An encryption tool for sensitive documents that fits on a USB stick
Sensitive documents — contracts, medical notes, HR files, client records — deserve an encryption tool that is small, boring, and offline. Elba is a single HTML file that seals a folder of documents with AES-256-GCM.
The threat model most people actually have
Most people worrying about sensitive documents are not worrying about a nation-state. They are worrying about a stolen laptop, a shared drive, a nosy colleague, or an old backup that never got deleted. Local at-rest encryption handles all four.
Boring is the feature
The best encryption tool for sensitive documents is one you'll actually use. Elba has no dashboard, no plan tiers, no cross-sell. You open a folder, you close a folder. That's it.
Questions people actually ask
- Is this HIPAA / GDPR compliant?
- Elba provides AES-256-GCM at-rest encryption, which is the technical control both frameworks reference. Compliance is a matter of your policies; the tool gives you the primitive.
- Can I share sealed files with a colleague?
- Yes. Send them the sealed folder and the password over separate channels. Both sides use the same Elba file to unseal.
Take the island
Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.
- €49MMXXVI· now ·
- €39MMXXVII2027
- €29MMXXVIII2028
- €19MMXXIX2029
- FreeMMXXX2030
the price falls each year · free to all 1 jan 2030
pay once · no account · nothing leavesRelated guides
- File encryption for lawyers: privilege, at rest
A quiet, offline way for lawyers to protect client files at rest. Elba seals a folder with AES-256-GCM — no cloud, no account.
- File encryption for therapists and counsellors
Session notes are the most sensitive files most therapists keep. A small, offline, one-time-purchase way to seal them.
- File encryption for doctors: HIPAA-grade, at rest
AES-256-GCM local file encryption suitable for HIPAA at-rest requirements. Elba is a single HTML file — no cloud, no account.