GolemDrive Blog
Search

About

Notes from the team building GolemDrive.

This is the GolemDrive engineering and product blog. We write about what we ship, why we build the way we do, and the parts of the system that are worth talking about.

What you'll find here

  • Launch milestones — what's new, what's changing, and what we're working on next.
  • Engineering notes — architecture, performance, infrastructure choices, and things we got wrong on the way to getting them right.
  • Security & cryptography — how end-to-end encryption is implemented, where the keys live, and what we can and cannot see.
  • Guides — getting the most out of features like sharing, teams, the AI assistant, the CLI, and the MCP server.
  • Creator & partner program updates — earnings, payouts, and new monetization tools.

What GolemDrive is

GolemDrive is end-to-end encrypted cloud storage. Files are encrypted on your device with AES-256-GCM before upload; we never see plaintext. Per-user RSA-4096 keypairs handle key wrapping and sharing, and your passphrase is stretched with Argon2id into the master key that unlocks everything. A 24-word recovery phrase is the one thing we cannot reset for you — it is your account, not ours.

Beyond storage, the platform is an actual product:

  • Sharing with password protection, expiry dates, download caps, and access logs.
  • Teams with role-based permissions and secure cross-member sharing.
  • An AI assistant built into the dashboard with over 200 tools — find files, organize folders, manage shares, check storage, run analytics, and more, all through natural conversation. It asks for permission before doing anything destructive.
  • Creator pages, tip jars, and a partner program with CPM-based revenue sharing for content.
  • Developer access through a full CLI and an MCP server (100+ tools and resources) so the platform fits cleanly into agentic workflows.
  • Mobile-ready as an installable PWA with offline support.

The shape of the company

Privacy comes first because the architecture demands it, not because it's a marketing line. Our servers store ciphertext and metadata wrappers; we cannot recover lost passphrases, cannot read shared content, and cannot hand over plaintext to anyone — including ourselves. That constraint shapes every product decision downstream.

We ship weekly. We document what we change. When we get something wrong, we say so here.

Where to go next