01
No logs by physics, not policy
If data doesn't exist, it can't be subpoenaed, leaked, or sold. We design systems whose threat models survive the worst possible day.
A collective of engineers & ex-Wickr security professionals
We build the tools that secure your digital life.
HexTech Labs is a small, senior team shipping privacy-first software for a world that forgot to ask for it. We design protocols, harden infrastructure, and turn research into products people can actually use.
- Years shipping security software
- 7+
- Engineers across the collective
- 11
- Encrypted bytes our code has carried
- 40PB+
- Logs we kept
- 0
// Mission
Privacy is infrastructure. We build it.
The defaults of the consumer internet leak. Most of what people call "security" is a checkbox on a marketing page. We started HexTech Labs because the protocols, the runtimes, and the apps that protect real people need to be built by engineers who treat that as the product — not a feature.
02
Encrypted by default, plainly
Modern cryptography, audited primitives, perfect forward secrecy — wrapped in interfaces a normal person can actually use without a PhD.
03
Native, fast, honest
Real apps for real platforms. We don't ship security theatre.
04
Open about what matters
Wire formats, protocols, key handling — public and reproducible. Code that handles secrets shouldn't be a black box.
// Capabilities
What the lab does well.
Seven years of building secure messaging, transport, and identity at Wickr taught us a particular set of muscles. Here's where we put them to work.
Cryptographic protocol design
End-to-end messaging, secure transport, key transparency, and post-quantum migration paths. We design protocols, then audit them, then run them in production.
Privacy-preserving infrastructure
RAM-only servers, stateless edge, hardware-rooted attestation, oblivious routing. We make systems that can prove what they don't keep.
Native client engineering
Apps that ship on Mac, Windows, iOS, Android, and Linux from a shared Rust core. Same crypto everywhere; no JavaScript handling your keys.
Security review & threat modeling
Independent reviews of cryptographic systems, identity flows, and trust boundaries. We've broken enough of our own designs to know where to look first.
Global edge networking
Building, deploying, and tuning low-latency networks across continents. PoPs, anycast, congestion control, the whole boring stack — done right.
Applied research & product
We turn lab work into shipping product. New protocols become public betas; betas become things people pay for. HexVPN is one of them.
// Initiatives
Visions, in production.
Each initiative starts inside the lab as a thesis about what the next layer of privacy infrastructure should look like — then it has to earn its keep with real users.
Flagship · live
HexVPN
The next-gen VPN, stateless by design.
Our public answer to consumer VPNs that quietly keep more than they admit. RAM-only servers, the HexGuard tunnel (ChaCha20-Poly1305), AI threat protection, and native clients on every major platform. Built by the lab, run as its own thing.
hexvpn.co
Private beta
HexNode
A bring-your-own-hardware operator program for running HexGuard-compatible edge nodes. Stateless boot, attested runtime, paid in proof-of-bandwidth.
Internal alpha
HexMesh
Identity-bound peer-to-peer overlay for teams that need to move files, voice, and signal without trusting any single relay. MLS under the hood.
Research
PQ-Bridge
Post-quantum key encapsulation layered on existing TLS and Noise deployments. Drop-in, hybrid by default, fail-open to classical only when explicitly allowed.
In development
HexGamma
A companion protocol to HexGuard for places where VPNs get blocked. HexGamma camouflages your tunnel as normal web traffic and tolerates packet loss and throttling — built to punch through the Great Firewall and similar network-level censorship.
// Contact
Got a hard problem? We like those.
We keep the collective small, but we're always glad to hear from people building at the edge of secure networking — research collaborations, partnerships, or just comparing notes. Write us; we read every email.