About PGPony.
A small story about why a solo developer built proper OpenPGP encryption for your pocket.
Why this exists.
Mobile OpenPGP has been bad for a long time. The desktop side of the ecosystem is healthy — GnuPG, Thunderbird, Kleopatra, GPG Suite — but the moment you reach for your phone, the options thin out fast: abandoned apps from 2014, paywalled features for things that should be free, ugly interfaces, half-implementations that don't round-trip cleanly with the rest of the world.
PGPony started because that bothered me. PGP is one of the few pieces of software where the standard is fully open, the math is durable, and yet the user experience — particularly on mobile — has never caught up. There was no reason a clean, native, free, standards-pure PGP app couldn't exist on iOS and Android. So I built one.
The whole app runs entirely on your device. No accounts. No servers. No analytics. The only network calls happen when you explicitly tap a button — to publish your public key, to look up a recipient's key, or to download the app itself. That's not a marketing claim; it's verifiable in the iOS App Privacy Report and the Android system network log.
Who built it.
I go by NorseHorse online. I'm a solo indie developer based in Alabama, in the United States. PGPony is one of more than a dozen apps I've shipped across iOS, Android, and the web, ranging from social platforms and restaurant tooling to entity-formation software and small games.
I'm not a venture-backed startup, a security consultancy, or a privacy advocacy group. I'm one person who reads RFCs, hand-writes packet parsers, tests interoperability against gpg 2.4.x in a loop, and pushes the result to the App Store and Google Play. When you email PGPony support, you reach me. There is no support team.
The broader portfolio.
PGPony isn't a one-off. It sits inside a wider catalog of apps I build under the NorseHorse brand. Listing the others isn't bragging — it's evidence that this is a sustained practice, not a hobby project I'll abandon next quarter. The closest sibling is AgePony, which applies the same privacy-first stance to the modern age encryption protocol.
There are more — search "NorseHorse" on the App Store or Google Play to see the rest.
What I believe.
Standards over silos. PGPony implements OpenPGP because the standard belongs to everyone. Your keys work in GnuPG, in Thunderbird, in Kleopatra, in any client that speaks the protocol. If PGPony disappeared tomorrow, your keys would still work — that's the whole point.
Local-first by default. Cryptography is a device-level concern. Putting an encryption app on a server is a contradiction. PGPony keeps your private keys on your phone, encrypts on your phone, decrypts on your phone, and trusts nothing in between.
No accounts, no analytics, no negotiation. Privacy claims that depend on a privacy policy are weak. Privacy claims that depend on the absence of a network call are strong. PGPony makes only the network calls you explicitly trigger.
Free, and meant to stay that way. The most important software in the privacy stack should not be paywalled. PGPony is free with no advertising, no upsells, no "Pro" tier withholding basic functionality.
One developer, direct line. Solo development has real downsides — slower than a team, smaller bus factor, no 24/7 support. The upside is that the person reading your bug report is also the person who can fix it, and there's no product manager between them and the code.
Reaching out.
The fastest way to get a reply is email. Bug reports, feature requests, security disclosures, press inquiries, and even just thank-you notes all go to the same address.
For security-sensitive reports, see the security disclosure policy. For app-specific help, the support page answers most questions.
Now go use the thing.
The story matters. The app matters more.