Flowdesk — Privacy‑first Engineering Studio

We build full‑stack web apps, native & hybrid mobile apps, end‑to‑end encrypted systems, crypto wallets, and AI‑powered products — the kind of engineering where getting the details wrong is the whole story. Led by a senior engineer with four years shipping production OpenPGP email at FlowCrypt (iOS + Chrome Extension, 2022–2026).

Flowdesk is a small, fully remote engineering studio focused on products where trust is load‑bearing — zero‑knowledge applications, end‑to‑end encryption, client‑side cryptography, crypto wallets and web3 frontends, and privacy‑respecting mobile apps. We design, build, deploy, and maintain production systems for startups and established companies worldwide: browser, server, mobile, and infrastructure.

We are led by a senior engineer with four years shipping production cryptography at FlowCrypt (OpenPGP for email — iOS + Chrome Extension, 2022–2026), plus real App Store and Google Play shipping experience across native and hybrid mobile. Alongside privacy engineering we take on full‑stack web, mobile, and AI work — we ship features into products, and we use AI aggressively to deliver faster.

Our flagship open‑source product is Flowvault — a zero‑knowledge encrypted notepad with hidden‑volume plausible deniability, drand‑backed time‑locked notes, self‑destructing Encrypted Send, and Bring‑Your‑Own‑Storage local vaults. It's the public reference for the engineering bar we hold client work to.

• 🛡️ Privacy‑first & E2EE web apps — Client‑side cryptography, authenticated encryption (AES‑GCM), memory‑hard KDFs (Argon2id), drand/tlock identity‑based encryption, and zero‑knowledge server boundaries enforced by auditable rules. See Flowvault end to end.
• 💱 Crypto & web3 products — Wallets, signing flows, key management, and web3 frontends built on production cryptography, not tutorials.
• 🧩 Browser extensions — Chrome, Edge, and Firefox extensions, including security‑critical E2EE extensions used against real threat models.
• 📱 Native & hybrid mobile apps — Production iOS (Swift, SwiftUI) and Android (Kotlin, Jetpack Compose); React Native, Expo, and Flutter from one codebase. Full App Store and Google Play lifecycle.
• 🌐 Full‑stack web & SaaS — React / Next.js frontends with Firebase, Node.js, or Python backends. Typed, tested, deployed on CI/CD from day one.
• 🤖 AI orchestration & agents — LLM chains, tool‑using agents, RAG, evals, and automation pipelines with OpenAI, Anthropic, and open‑source models. We ship AI features into real products.
• ⚡ AI‑augmented delivery — We use AI aggressively where it actually makes engineers faster (scaffolding, test generation, mechanical refactors, code exploration, first‑pass review) so client budgets are spent on the parts that actually need human judgment.
• 🛠️ Developer tooling & utilities — GUI clients, inspectors, CLIs, and desktop utilities. See Firestudio and Snapboard.

The work we're best known for. If "the server can't read your data" needs to be a real claim and not a marketing line, this is the engagement.

• 🔐 Zero‑knowledge application design — Threat modeling, cryptographic architecture, and auditable server boundaries. We specify what the server sees, what it can and cannot do, and why.
• ✉️ End‑to‑end encrypted messaging, storage, and sharing — Authenticated encryption, identity‑based encryption (drand/tlock), one‑shot/burn‑after‑read flows, and backup formats that survive self‑hosting.
• 🔑 Key management & passphrase flows — Memory‑hard KDFs (Argon2id), upgradable parameters, passphrase‑protected keychains, and on‑device key storage — the hard problems that sink most E2EE products.
• 🧩 Security‑critical browser extensions — Chrome / Edge / Firefox extensions, including the kind with real adversaries, shipped at FlowCrypt.
• 💱 Crypto wallet engineering — On‑device key custody, signing flows, multi‑chain integrations, and UX that doesn't leak user funds.
• 🔎 Security review & threat modeling — Review of an existing crypto scheme, key management, or zero‑knowledge boundary. Written, specific, actionable.

Real App Store and Google Play experience, including four years shipping a security‑critical iOS app at FlowCrypt.

• 🍎 Native iOS — Swift, SwiftUI, UIKit, Combine, WidgetKit, Keychain, and App Store release management.
• 🤖 Native Android — Kotlin, Jetpack Compose, Coroutines, Room, Hilt, and Google Play release management.
• ⚛️ React Native & Expo — One codebase, two platforms, native performance. OTA updates with EAS.
• 🐦 Flutter — Cross‑platform apps with Dart, Riverpod/Bloc, and Firebase backends.
• 🔔 Mobile backends — Firebase, Supabase, REST/GraphQL APIs, push notifications (FCM/APNs), in‑app purchases.
• 🧪 Testing & QA — XCTest, JUnit, Detox, Maestro, and snapshot testing.
• 🚀 CI/CD for mobile — Fastlane, EAS, GitHub Actions, TestFlight, and Play Console internal tracks.

• 🧠 LLM orchestration & agents — Multi‑step chains, tool use, RAG, long‑term memory, and evals with OpenAI, Anthropic Claude, and open‑source models.
• 🧪 Evaluations & guardrails — Automated eval suites, regression checks, and safety layers so AI behavior stays predictable in production.
• 📊 Data & embedding pipelines — ETL/ELT, vector databases (pgvector, Qdrant, Pinecone, Weaviate), embeddings, and analytics‑ready warehouses.
• ⚡ AI‑augmented delivery on client projects — We use Cursor, Claude Code, Copilot, and GPT/Codex aggressively for boilerplate generation, exhaustive test generation, typed refactors, and codebase exploration. Clients feel it in cycle time, not in bugs.

_{Activity from @flowdeskadmin, lead maintainer of the Flowdesk organization.}

1. Discover — Understand the problem, users, threat model, and constraints. For privacy and crypto work, we write the threat model down before writing code.
2. Prototype — Get something clickable quickly; validate direction before scaling.
3. Build — Typed, tested, opinionated code, with AI used aggressively to accelerate the boring parts (scaffolding, boilerplate, test generation, mechanical refactors, codebase exploration) so human time is concentrated on architecture, cryptography choices, security, and the edge cases that actually matter.
4. Ship — CI/CD, observability, and predictable releases from day one. For security‑sensitive products, release commits are tagged and signed.
5. Iterate — Tight feedback loops with clients and end users.

We're a privacy‑first engineering studio. Our strongest work is in zero‑knowledge applications, end‑to‑end encrypted systems, client‑side cryptography, crypto wallets, and security‑critical mobile and browser‑extension work. Flowvault is the public reference for the bar we hold client work to.

Flowdesk is led by a senior engineer with four years at FlowCrypt (2022–2026) shipping production OpenPGP email — owning the iOS app and the Chrome / browser extension end to end, plus review and QA on the Android codebase. That cryptography and secure‑mobile background is the foundation we build every engagement on.

No. Privacy and cryptography are our specialty and our strongest differentiator, but we also take on full‑stack web, native & hybrid mobile, and AI engagements — the engineering playbook is the same (typed, tested, shipped). See What We Build for the full list.

Yes — mobile is a core specialty, including security‑critical mobile (four years shipping a production iOS app at FlowCrypt). We build native iOS apps in Swift/SwiftUI, native Android apps in Kotlin/Jetpack Compose, and hybrid apps with React Native, Expo, and Flutter — architecture through App Store / Google Play release.

Cryptography: OpenPGP, AES‑GCM, Argon2id, drand/tlock, Web Crypto API. Web: React, Next.js, TypeScript, Node.js, Python, Tailwind. Mobile: Swift, Kotlin, React Native, Expo, Flutter, Dart. Backend & infra: Firebase, Postgres, Redis, Docker, .NET. AI (shipped into products): OpenAI, Anthropic Claude, LangChain, RAG, vector databases. AI (used to ship faster): Cursor, Claude Code, GitHub Copilot, ChatGPT / Codex.

Two ways. We build AI features into products — LLM orchestration, agents, RAG, evals, and automation pipelines. And we use AI aggressively to deliver faster — Cursor, Claude Code, Copilot, and GPT/Codex handle scaffolding, test generation, mechanical refactors, and codebase exploration, so the billable hours concentrate on the 20% of the code that actually needs human judgment — API design, cryptography choices, UX trade‑offs, and gnarly edge cases.

Yes. We accept a limited number of engagements per quarter for privacy/crypto product builds, mobile app development, AI integrations, and full‑stack product work. Typical engagement: 2–12 weeks, discovery through production release and handover. Email contact@flowdesk.tech.

Yes — Flowdesk is 100% remote and collaborates with clients worldwide across time zones. Discovery, design, development, and delivery run entirely over async and video.

Our flagship products — Flowvault, Firestudio, Snapboard, and Invoice — are open source under permissive licenses. Flowvault is MIT, end to end: frontend, Cloud Functions, and Firestore rules.

We take a limited number of client engagements each quarter.

Typical engagements:

• 🛡️ Privacy & E2EE product builds — zero‑knowledge web apps, encrypted messaging / storage / sharing, client‑side cryptography done right. Our strongest and highest‑value work.
• 💱 Crypto & web3 products — wallets, signing flows, key management, and web3 frontends.
• 🧩 Browser extensions — including security‑critical E2EE extensions.
• 📱 Mobile app development — native iOS/Android or cross‑platform (React Native, Flutter), design through App Store / Google Play release.
• 🤖 AI integrations — orchestration, agents, RAG, evals, guardrails — shipped into real products.
• 🌐 Full‑stack product builds — SaaS, internal tools, and developer utilities from zero to production.
• 🔎 Security reviews & threat modeling — written, specific, actionable reviews of existing crypto, key management, or zero‑knowledge boundaries.
• 🧭 Technical leadership — architecture reviews, code reviews, and mentorship for small engineering teams.

Typical engagement: 2–12 weeks, discovery through production release and handover.

Reach out:

• 📧 Email: contact@flowdesk.tech
• 🌐 Website: flowdesk.tech
• 💼 GitHub: github.com/Flowdesktech