RemoteRails

Maker of the All-in-One Sovereign Appliance

Engineered for operating like a ghost in the wind

Air-Gapped Encrypted Office with Secure Access Service Edge (SASE) & Integrated Identity Management

Virtual Appliance
View Deployment Options & Pricing
a close up of a computer mother board

Unstoppable, Censorship-Resistant Infrastructure

Deep technical expertise & real-world experience. Built by digital nomads for free spirits.

Digital Sovereignty

De-Google with a self-hosted office workspace, and untether from Big Tech hosted services with confidence. With the same open source suites trusted by governments & militaries – audited by independent security researchers.

Data Residency Planning

Situate your data in datacenter hubs with strong freedom of speech & data protection laws. Protect your business from arbitrary de-platforming. Geo-fence your systems from surveillance mandates & rapid, automated attacks.

Jurisdiction Optimization

Remotely establish resilient, compliant business structures optimized for global operations. Ensuring multi-jurisdictional redundancy and solid cross-border operational continuity using modern structural diversification strategies.

Sovereign Google Workspace and Microsoft 365 alternative

No-compromise communication & collaboration

RemoteRails is a Zero-Trust, Identity-Aware Appliance deployed directly via Bring Your Own Cloud (BYOC). The system enforces true defense-in-depth: Defguard provisions cryptographic WireGuard tunnels to grant access to an airgapped network, while unified OIDC identity checks gate access at the application level. Managed behind a secure Traefik edge router, RemoteRails ensures absolute data custody and zero-trust isolation without the enterprise bloat.

The appliance’s suite of modern, self-hosted apps includes cloud storage, office productivity, instant messaging, voice telephony, and video meetings. With no per-user fees and no automated scanning of your correspondence, documents, or media, you retain cryptographically guaranteed control of your private data without compromising on convenience.

Learn more

The capacity of your appliance is determined by CPU, RAM, & storage of the cloud or dedicated hardware you deploy it on. It is upgradable as your usage grows. Open source = no per-user licensing costs apply.

Did you know? Even with “enterprise data protection” enabled on their premium plans, Google and Microsoft’s automatic compliance scanners trawl through your users’ content for subjective ToS violations.

100%

Sovereign

Zero third-party telemetry, tracking, or corporate platform dependencies.

100%

Encrypted

Layered defense featuring TLS in transit, LUKS at rest, and zero-knowledge application architectures.

100%

Independent

Cloud-agnostic deployments on the public or private infrastructure you own.

Sync & Share, Collaboration, Conferencing & More

Built on widely deployed open source projects

The RemoteRails sovereign appliance seamlessly unifies open source applications & protocols including WireGuard, Nextcloud, Matrix, and LiveKit. By orchestrating these tools within an isolated, software-defined (SD-WAN) network on your own Zero-Trust Network Access (ZTNA) infrastructure, RemoteRails drastically reduces your attack surface while remaining incredibly simple for administrators to manage.

Meet the Stack

★★★★★

Highly recommend. The team has been incredibly easy to work with — very communicative, thorough, and responsive. And they know their stuff. Would work with them again if the opportunity arises!

— Karen L., Milwaukee, WI-based 501(c)(3) organization

Self-Hosting Made Easy. Early Access Pricing.

Hyper-Converged Sovereign Appliance

All-in-one private cloud, E2EE messaging, & vault, protected by WireGuard

$4,950

$3,396

set up

Cloud / VPS

Essential protection for individuals and small teams, deployed on a logically isolated virtual machine.

View Features

VPN Gateway + OpenID SSO

WireGuard Biometric 2FA

Private Cloud Storage

Office Document Co-Editing

Rust-based Matrix Homeserver

Self-Hosted Push Gateway

SFU for WebRTC Conferencing

Zero-Knowledge Password Vault

$8,090

$5,560

& up

Dedicated

Runs on single-tenant bare metal for maximum protection from noisy neighbors & side-channel attacks.

Reference Architecture

Everything in Cloud plus…

VM Isolation in Own Hypervisor

Custom LVM or ZFS Partitioning

Cold Boot Protection via RAM encryption (SME/TME) *

Confidential VMs via Hardware Isolation (SEV/TDX) *

DMA Attack Protection via Hardware IOMMU *

vTPM Measurement & UKI Remote Attestation (on request) *

$3,500

$2,882

add-on

E2EE Email Server

The only self-hosted PGP mail server with automated key discovery and incoming email encryption.

Add-On Details

End-to-end Encryption with PGP

Zero Access Storage of Mail

IMAP and JMAP Syncing

Automated SPF/DKIM/DMARC Management

Outgoing Mail with Smart Hosts

Web Key Discovery (WKD)

Interoperates with ProtonMail and any other PGP mail client

We use TLS encryption in transit and LUKS encryption at rest to protect all tiers. Additionally, Matrix, Vault, and Mail are protected by zero-knowledge encryption.

* Requires hardware support for AMD SME, SEV/SNP and Intel TME/TDX features.

Stay updated

Notes from mission control

We operate constantly at the intersection of technology, public policy, and law – monitoring the critical developments that impact the digital sovereignty & liberty of our customers and the public at large.

Bring your own cloud

Deploy the appliance on any public cloud, hosting provider, or on-premises private infrastructure of your choice. We are cloud & vendor agnostic – building the system exclusively within a cloud tenancy, VPS, or dedicated server that you own and control.

Get Started Today