Alpha software — APIs may change

Your Data. Your Keys. Your Control.

MindooDB is an end-to-end encrypted, offline-first sync database for secure collaboration — servers can store and sync, but cannot read. Works client-server, peer-to-peer and local-only. For browsers, NodeJS and React Native.

Get Started View on GitHub

End-to-end encryption: keys stay on devices, encrypted data flows to servers

Watch and listen

Get a deep introduction to MindooDB — generated by NotebookLM from the MindooDB documentation.

Introduction Video

A visual overview of how MindooDB keeps data encrypted end-to-end while enabling real-time collaboration and offline-first sync.

And NotebookLM, it's called "MindooDB" (with a short i). But never mind. :-)

MindooDB Podcast

Real-Time Sync Without Server Trust

Two AI hosts discuss how MindooDB handles encryption, offline collaboration, and sync — without ever trusting the server. A relaxed deep-dive into the architecture.

Download episode

Zero-trust storage

Server breach yields ciphertext

Keys stay on devices. Three independent encryption layers: AES-256-GCM at rest, per-user RSA in transit, TLS on the wire. Servers never see plaintext.

Offline-first UX

Work without network

Create and edit locally. Metadata-first reconciliation syncs only what changed — bandwidth proportional to delta, not total size.

Collaboration

Conflict-free merges

Automerge CRDTs ensure concurrent edits converge automatically. Order-independent sync — entries can arrive in any sequence.

How it works

Servers can sync & store — but cannot read

Clients keep private keys; server stores encrypted blobs; sync exchanges missing encrypted entries. — Clients encrypt before sync. Servers store ciphertext. Sync exchanges only the encrypted entries you're missing.

Sign every change (authorship + integrity)
Encrypt before leaving the device (confidentiality)
Append-only storage (audit trail)
Content-addressed sync (transfer only what's missing)
Works client-server and peer-to-peer

What you can build

Use cases and capabilities

Offline-first field apps

Local-first edits, later sync.

Secure collaboration

Servers don't need plaintext.

Multi-tenant SaaS

Tenant isolation with keys.

Audit & compliance

Append-only + time travel.

Encrypted file workflows

Attachments with streaming.

Cross-org reporting

Virtual Views across origins.

Distributed web apps

Ship UI through MindooDB sync.

Signed, tamperproof history

Append-only, cryptographically chained history for auditability and integrity.

Fine-grained access

Named keys enable need-to-know access control for sensitive documents.

Encrypted attachments

Chunked uploads, streaming reads, and tenant-wide deduplication.

Time travel

Retrieve document state at any timestamp and traverse full history.

Virtual Views

Hierarchical categorized views with totals (Domino/Notes-inspired).

Sync anywhere

Peer-to-peer, client-server, and hybrid deployments using the same primitives. Dense sync mode minimizes bandwidth for mobile initial setup.

Get started

Pick your runtime, start coding

Node.js

CLI/server todo quickstart with expected output.

Web Browser

Use mindoodb/browser with Web Crypto.

React Native

Native-first setup via mindoodb setup-react-native.

import { BaseMindooTenantFactory, InMemoryContentAddressedStoreFactory } from "mindoodb";

// 1) One-time setup
const factory = new BaseMindooTenantFactory(new InMemoryContentAddressedStoreFactory());
const { tenant } = await factory.createTenant({
  tenantId: "acme",
  adminName: "cn=admin/o=acme",
  adminPassword: "admin-pw",
  userName: "cn=alice/o=acme",
  userPassword: "alice-pw",
});

// 2) Create a document and start working
const db = await tenant.openDB("todos");
const doc = await db.createDocument();
await db.changeDoc(doc, (d) => {
  const data = d.getData();
  data.title = "Buy milk";
  data.done = false;
});

// 3) Read it back
const loaded = await db.getDocument(doc.getId());
console.log(loaded.getData()); // { title: "Buy milk", done: false }

// Create a document locally
const doc = await contactsDB1.createDocument();
await contactsDB1.changeDoc(doc, (d) => {
  const data = d.getData();
  data.name = "John Doe";
  data.email = "john.doe@example.com";
});

// Sync between any two stores — client-server, peer-to-peer, or local
await contactsDB2.pullChangesFrom(contactsDB1.getStore());

// Edit on the second device, then push back
await contactsDB2.changeDoc(await contactsDB2.getDocument(doc.getId()), (d) => {
  d.getData().name = "John Smith";
});
await contactsDB2.pushChangesTo(contactsDB1.getStore());
await contactsDB1.syncStoreChanges();
// Both stores converge automatically (CRDTs — no conflict resolution needed)

const doc = await db.createDocument();

// Attach a text file
const content = new TextEncoder().encode("Quarterly earnings report…");
await db.changeDoc(doc, async (d) => {
  await d.addAttachment(content, "report.txt", "text/plain");
});

// Or stream a large file — memory efficient, encrypted chunk by chunk
await db.changeDoc(doc, async (d) => {
  const response = await fetch("/datasets/sensor-log.csv");
  await d.addAttachmentStream(response.body, "sensor-log.csv", "text/csv");
});

// Stream the CSV back — decrypted chunk by chunk, constant memory
const reloaded = await db.getDocument(doc.getId());
const attachments = reloaded.getAttachments();
const csv = attachments.find((a) => a.fileName === "sensor-log.csv");
for await (const chunk of reloaded.streamAttachment(csv.attachmentId)) {
  process.stdout.write(chunk);
}

const view = await VirtualViewFactory.createView()
  .addCategoryColumn("department")
  .addSortedColumn("lastName")
  .addTotalColumn("salary", TotalMode.SUM)
  .withDB("employees", employeeDB, (doc) => doc.getData().type === "employee")
  .buildAndUpdate();

const nav = VirtualViewFactory.createNavigator(view).expandAll().build();
for await (const entry of nav.entriesForward()) {
  // categories + documents in a single, sorted tree
}

These snippets are derived from the MindooDB test suite to stay aligned with real usage patterns.

Why MindooDB?

When to choose MindooDB vs. alternatives

MindooDB is designed for applications where end-to-end encryption, offline operation, and multi-party collaboration are essential. Here's when it fits best.

Choose MindooDB when:

You need end-to-end encryption and cannot trust your hosting provider
You require complete audit trails with cryptographic integrity
You need offline-first operation for field or remote operations
You collaborate across organizations and need fine-grained access control
You need technical controls for compliance — encryption, signed audit trails, and coordinated data erasure that support HIPAA, SOX, GDPR, PCI-DSS programs
You need multi-party collaboration with different access levels

Consider alternatives when:

You only need simple CRUD operations without collaboration
You always have reliable network connectivity and don't need offline-first
You don't need end-to-end encryption and can trust your hosting provider
You have simple access control needs that don't require document-level encryption
You need complex relational queries that don't fit document model
You have very high write throughput that may challenge append-only stores

Quick comparison

Feature	MindooDB	PostgreSQL/Firebase	Blockchains
End-to-end encryption	Yes (servers can't decrypt)	No (server-side keys)	Public by default
Offline-first	Built-in	Requires custom logic	Requires network
Audit trails	Append-only, cryptographically chained	Requires custom implementation	Immutable public records
Multi-org collaboration	Fine-grained access control	Server-side access control	All-or-nothing visibility
Data privacy	Private by default	Depends on server security	Public by default

See detailed comparison →

Trust & transparency

Production readiness & trust signals

Current status

MindooDB is alpha software — APIs may change without notice. Core functionality is stable and tested, but we recommend thorough evaluation before production use.

What's stable

Core encryption and sync protocols
Document CRDT operations
Virtual Views and indexing
Attachment storage

What may change

API method names and signatures
Configuration options
Internal data structures

Security & transparency

Open source — Full codebase on GitHub
Security audit — Documented in security audit docs
Threat model — Assumes servers are compromised
Cryptographic guarantees — Ed25519 signatures, AES-256-GCM encryption

Community

Active development, comprehensive documentation, and growing community. View on GitHub →