Why We Built Mandraki

Every meaningful product begins with a frustration. Ours was simple: European organisations, including governments, hospitals, and critical infrastructure operators, were routing their most sensitive conversations through servers controlled by companies subject to US jurisdiction. Not because they wanted to, but because there was nothing else good enough to use.

The problem we kept seeing

We had spent years working in enterprise technology across Europe. The pattern was always the same. An organisation would evaluate collaboration tools, weigh the options, and end up choosing one of the same handful of American platforms — not out of preference, but out of resignation. The European alternatives that existed were either too clunky, too limited, or too fragile to bet a business on.

Meanwhile, the regulatory landscape was shifting. Schrems II had invalidated Privacy Shield. The EU Data Act was taking shape. DORA was imposing strict requirements on financial services. NIS2 was broadening cybersecurity obligations across critical sectors. The message from European regulators was clear: you need to know where your data lives, who can access it, and under what legal framework.

Yet the tools most organisations relied upon for their daily work — video calls, messaging, file sharing — remained firmly outside that framework.

What we set out to build

Mandraki was born from the conviction that European organisations deserve collaboration software that is genuinely sovereign. Not sovereign as a marketing label, but sovereign in the ways that actually matter: data residency, legal jurisdiction, encryption architecture, and infrastructure control.

We wanted to build something that a chief information security officer at a European bank could deploy without writing a fifty-page risk assessment. Something that an IT administrator at a hospital could trust with patient-adjacent communications. Something that a government ministry could use without wondering whether a foreign intelligence agency had a legal backdoor.

That meant making hard architectural decisions from the start. We chose to run exclusively on a European-owned hyperscaler that gives us the scale our workloads need without leaving EU jurisdiction. We implemented end-to-end encryption using the MLS protocol, so that even we cannot read our customers’ messages. We built a three-layer envelope encryption system with Bring Your Own Key support, so that enterprises retain full control over their cryptographic material.

Why sovereignty is not just about location

It is tempting to think that data sovereignty is simply a question of geography — put your servers in Frankfurt and tick the box. But it runs deeper than that.

The US CLOUD Act, for example, allows American authorities to compel US-headquartered companies to hand over data stored anywhere in the world. This means that using a European data centre operated by an American company does not, in itself, provide sovereignty. The legal jurisdiction of the software vendor matters as much as the physical location of the hardware.

Mandraki is a European company, built by a European team, running on European infrastructure, subject to European law. Every layer of the stack — from the application code to the cloud provider to the corporate entity — falls under EU jurisdiction. There is no foreign parent company that could be compelled to provide access.

What we have built so far

Today, Mandraki is a complete daily-work suite: group video calls with screen sharing, recording, and AI transcription processed entirely within the EU; persistent chat with threading, channels and direct messages; calendar with scheduling and availability; mail with managed company mailboxes; drive with built-in editors compatible with Word, Excel and PowerPoint documents; tasks and project management; end-to-end encryption for messaging and media; cross-organisation federation; and a management console for operations teams. Mobile applications run on iOS and Android. Deployment options range from shared multi-tenant SaaS through dedicated single-tenant instances to on-premises installations for organisations whose accreditation framework requires it.

The platform is built as a TypeScript monorepo with a React frontend, Fastify API server, and mediasoup-based SFU for WebRTC media routing. It supports multi-tenancy with organisation-level isolation, role-based access control, and domain-verified auto-capture for enterprise onboarding.

We are a small team, and we are honest about that. The largest US platforms still have feature surface we have not built — we are focused on doing the daily-work surface well, with the right architectural foundations: true encryption, true sovereignty, true European jurisdiction.

What comes next

Our roadmap is guided by the needs of the organisations we serve. We are working on deeper calendar integration, enhanced file sharing with client-side encryption, mobile applications, and expanded federation capabilities for cross-organisation collaboration.

We are also investing in the operational tooling that enterprise customers expect: audit logging, compliance reporting, SIEM integration, and granular administrative controls.

Mandraki is not a protest against American technology. It is an assertion that Europe can and should build its own. The talent is here. The regulatory mandate is here. The infrastructure, thanks to a new generation of European hyperscalers, is here. What was missing was the will to put it all together into something that works as well as the tools people are used to.

That is what we are building. We hope you will join us.