Trust Through Math, Not Policy.
ObsidianX is encrypted accounting software and operations software for businesses that do not want public onboarding, broad staff exposure, or recoverable local traces. The security architecture is built around zero-knowledge architecture, operator-controlled secrets, and incident controls for sensitive commercial records.
Encrypted Operational Ledger
Sensitive business records are encrypted before persistence. Customer ledgers, balances, notes, product records, and operational history are stored as protected application data rather than casually readable books.
Zero-Knowledge Architecture
ObsidianX is designed so decrypted business content depends on operator-controlled secrets. We do not want, and are not meant, to have routine visibility into your live customers, books, or internal records.
Minimal Identity Collection
Provisioning is private and controlled. There is no public self-sign-up flow, no requirement to hand over personal profile data, and no dependency on public onboarding just to enter the system.
Recovery Phrase
A recovery phrase is issued during registration and becomes the only recovery path if you lose your password. It should be stored offline and separately from primary credentials because support cannot bypass it for you.
Swiss Hosting Posture
Infrastructure is anchored in Switzerland and kept inside a controlled hosting model rather than spread across a marketing cloud stack. That keeps privacy posture and jurisdictional assumptions clearer.
Restricted Infrastructure Footprint
ObsidianX avoids broad third-party exposure. The goal is a smaller infrastructure footprint, tighter control over where sensitive workloads live, and fewer outside systems sitting near your live records.
Invitation-Only Registration
New accounts require a single-use activation code. There are no open sign-ups and no casual self-service registration. Access is discussed privately, issued directly, and can be shut down immediately if the risk posture changes.
Security Audit Logging
Key security events are logged with timestamps and context. Login attempts, permission changes, destructive actions, and administrative events remain attributable without slowing down daily operations.
Session and Request Hardening
Write operations are protected against request forgery, authentication paths are rate-limited, and security material stays out of source control. The system treats routine abuse resistance as part of the product, not an optional extra.
Staff Exposure Minimisation
Delegated staff workflows are intentionally separated from full-system access. Staff sub-accounts cannot view everything by default, and the Telegram bot is unbranded and minimal by design. If a staff device or bot session is compromised, the exposure surface stays smaller.
The Duress Password
In environments where coercion is a real threat, standard encryption is not enough. ObsidianX includes a configurable duress password. If entered at the login terminal, the system simulates successful authentication while simultaneously executing permanent cryptographic shredding of hosted records.
Code Red
Designate a trusted contact. In a live incident such as seizure, theft, or coercion, your trusted contact can act remotely without needing your password, your device, or physical access to the environment.
Remote Lock
Immediately lock the account and terminate active sessions.
Encrypted Backup Export
Export a protected backup package remotely for continuity or containment.
Remote Destroy
Permanently destroy hosted operational data where required, without device access.
Export and Destroy
Extract a backup and destroy the hosted copy in the same controlled workflow.
Controlled recovery after containment
After containment, the owner can later restore the system using the protected backup package and their recovery phrase. Code Red is designed for containment, survivability, and controlled recovery, not simple account disablement.