Secure Investigative Infrastructure

The work remains.
Not its traces.

Each session initializes, runs, and dissolves; your findings intact, your footprint at zero.

Download the Client See how it works
ephemeral — workspace init
$ephemeral init --workspace
↳ generating credentials...
↳ provisioning encrypted storage
↳ allocating dedicated mailbox
workspace sealed
 
$ephemeral launch --instance ws_9f2a
↳ initializing virtualized runtime
↳ binding cryptographic identity
↳ isolating from host system
instance active — no telemetry
 
$ephemeral close
↳ flushing runtime memory
↳ destroying instance state
instance resolved — nothing retained
 
$
0
Retained on device
Workspace isolation
CH
Swiss-operated
00 — Context

Investigative work has always carried risk. What's changed is the infrastructure of exposure. Source identity, document origin, a researcher's pattern of inquiry are no longer protected by physical distance or institutional walls. They exist as data, and data can be accessed, extracted, or subpoenaed.

Most tools are not built for this. A cloud drive stores. A messaging app transmits. A browser leaves a record. None of them were designed around the risk of being tracked.

Ephemeral is.

01 — How a session works
Step 01

Authenticate

A sealed, virtualized Instance initializes on your device. Isolated from the host system at the cryptographic level.

Step 02

Initialize a Workspace

Each Workspace has its own credentials, encrypted storage, dedicated mailbox, and secure file intake endpoint. Generated instantly from the client.

Step 03

Conduct your investigation

Work inside the contained runtime. No telemetry. No analytics. No logging. Nothing leaves the sealed environment.

Step 04

Close the session

The Instance is destroyed. The runtime dissolves. Your device retains no investigative data. The Workspace persists only within Ephemeral infrastructure.

02 — Built for
Investigative Journalism

The tools shouldn't be the weak link.

Sources, documents, and lines of inquiry leave traces across every platform they touch, not through breach, but through ordinary use. Ephemeral isolates each investigation at the infrastructure level, so source identity, access patterns, and lines of inquiry leave no recoverable trace.

Legal Discovery

In sensitive matters, isolation is a requirement.

Privileged materials, witness communications, and case strategy cannot share infrastructure with other matters, other clients, or other teams. Ephemeral provisions each matter as a structurally independent environment, so containment is guaranteed by architecture rather than enforced by procedure.

Institutional Review

Internal investigations require separation from the systems they examine.

When the institution is both the client and the subject, the review environment cannot share infrastructure with normal operations. Ephemeral provides a contained workspace that is structurally independent from institutional systems, so the integrity of the process is architectural rather than procedural.

03 — Structure, not policy.
Swiss-Operated

Jurisdiction by architecture.

Ephemeral AG is registered and operated in Switzerland, supported through institutional partnerships and public-interest funding.

Structural Independence

Funding does not mean access.

Operational control is structurally separated from all funding entities. No investor, partner or funder has access to infrastructure decisions.

Zero Surveillance

We cannot access what we do not collect.

We cannot sell any data. We do not surveil Workspaces. We cannot access Workspace contents.

Transparency Reporting

Verifiable by design.

Annual security audits, legal disclosures, and canary statements are published. Client-side code is open source and independently auditable.

04 — Access

Free for individual use.

The Ephemeral Client is available for macOS, Windows, and Linux.
Portable. No installation required.
macOS Apple Silicon / Intel
Windows x64
Linux .AppImage / .deb / .rpm
Portable Run from removable media