Built-in ad blocker
uBlock-parity filter lists run in the engine, not as a fragile extension. Ads and the requests behind them never load.
Security & Privacy
Private by default. Verifiable by design.
Plantel Browser is built on the Plantel Chromium fork — site isolation, a strict process model, and the privacy defenses baked into the engine instead of bolted on after.
The engine does the heavy lifting.
Plantel Browser runs on the Plantel Chromium fork — a maintained fork of the same engine the modern web is tested against. You inherit Chromium's web-standards parity and its security model, and we keep the fork current with upstream fixes.
Every site renders in its own sandboxed process under strict site isolation, so a hostile page cannot read another origin's memory. The strict process model is the foundation everything below builds on — not a setting you have to find and turn on.
Defenses on by default.
No add-ons to install, no allowlist to curate before you are protected. These ship in every build and apply from the first tab.
Tracker blocker
Cross-site trackers and analytics beacons are dropped before the page can reach them. On by default, per-site overridable.
Fingerprint protection
Canvas, audio, font, and hardware signals are normalized so sites see a generic, non-unique device instead of you.
HTTPS-only
Every navigation is upgraded to HTTPS. Plain-HTTP loads hit an interstitial first — you opt in, you are never silently downgraded.
DNS-over-HTTPS
Domain lookups are encrypted, so your network and ISP cannot read or log the sites you visit from DNS traffic.
Per-site permissions
Camera, microphone, location, notifications, and clipboard are prompted per site and listed in one place you can revoke from.
Zero-knowledge end-to-end sync.
Your data syncs across every device, encrypted on your machine before it ever leaves. The keys stay with you — Plantel's servers see ciphertext, never your tabs, history, or vault. That is what zero-knowledge means: we cannot read your data even if we wanted to.
These ten data classes travel end-to-end encrypted, with conflicts resolved locally:
- Tabs
- Bookmarks
- History
- Reading list
- Settings
- Spaces
- Vault
- Brain index
- Downloads
- Permissions
The vault behind Plantel Access uses the same zero-knowledge model — credentials are encrypted per item, and the server only ever holds the encrypted blob.
Locked to you, not to a password.
Biometric unlock
Touch ID, Face ID, Windows Hello, and Linux fprintd unlock the browser and your vault. Passkeys and WebAuthn replace passwords where the site supports them, with a master password as fallback.
Lockscreen + idle lock
A dedicated lockscreen guards every session, with per-Space and idle auto-lock. Sensitive actions re-prompt for biometrics, so a walked-away laptop is not an open door.
Where we are, honestly.
Plantel Browser is in early access (v0.2.6-alpha). The security architecture above — site isolation, the in-engine defenses, and zero-knowledge sync — is what the product is built around, and we will not claim certifications or audits we have not earned.
For audit-grade, continuously verified controls across the wider Plantel platform, see Plantel Compliance. Found something? Reach the security team at security@plantel.ai and read our privacy policy.
A browser that protects you out of the box.
Native for macOS, Windows, and Linux. Privacy on by default.