FlowCrypt is free for individuals and organizations with fewer than 100 users on their personal email encryption product. Larger organizations and Google Workspace Client-Side Encryption deployments use paid enterprise tiers. PGPony is free with no tiers.

Is FlowCrypt open source?

FlowCrypt makes its source code publicly available on GitHub but is licensed as proprietary software. PGPony is also proprietary, built on audited open libraries (Bouncy Castle on Android, audited Swift code on iOS).

Can I migrate from FlowCrypt to PGPony?

Yes. In FlowCrypt, go to Settings → Keys → select your key → Backup → "Download in OpenPGP format". Save the .asc file. On the same phone, open the file and choose PGPony. Same fingerprint, full key import.

Which one has better Gmail integration?

FlowCrypt has tighter Gmail integration — it can fetch your inbox directly through Gmail's API, decrypt in-app, and reply with encryption pre-configured. PGPony works with Gmail (or any other email) via the system Share Sheet on iOS and Intent on Android, which is one extra tap but works with any email client, not just Gmail.

Does FlowCrypt support OpenPGP v6 (RFC 9580)?

FlowCrypt uses OpenPGP.js (browser and iOS) and PGPainless (Android). Both libraries have ongoing v6 work; consumer-facing v6 support in FlowCrypt is not yet fully shipped. PGPony imports v6 keys, decrypts v6 messages, and verifies v6 signatures today.

Which is better for enterprise deployment?

FlowCrypt. They build for the Google Workspace enterprise use case explicitly — Client-Side Encryption integration, central key management options, enterprise sales/support. PGPony is built for individual users; there is no enterprise tier or central admin product.

Does either support YubiKey on mobile?

Neither ships YubiKey / NFC hardware-token support in their current mobile apps as of writing. PGPony has hardware-token support planned for v6.0.

// pgpony vs flowcrypt

PGPony vs FlowCrypt.

Both are modern OpenPGP apps with iOS and Android clients. FlowCrypt is Gmail-centric and built for enterprise deployment as well as individuals. PGPony is channel-agnostic and built for individuals. The mobile UX and tradeoffs differ significantly.

// the short version

You live in Gmail and want PGP that talks directly to your inbox? FlowCrypt. You want PGP that works the same in any channel (email, files, paste sites, SMS) regardless of email provider? PGPony.

At a glance.

	PGPony	FlowCrypt
Platforms	iOS, Android	iOS, Android, Chrome extension
Price	Free	Free under 100 users; enterprise paid
License	Proprietary; uses Bouncy Castle	Proprietary, public source on GitHub
Crypto libraries	Bouncy Castle (Android), Swift impl (iOS)	PGPainless (Android), OpenPGP.js (iOS, browser)
Email integration	System Share Sheet / Intent	Direct Gmail API + system Share
Works with non-Gmail mail	Any email client	Best with Gmail; supports others
OpenPGP v6 (RFC 9580)	Import, decrypt, verify	v6 work in progress in libraries
Key generation	Ed25519 + Cv25519 default	Ed25519 / Cv25519 or RSA
QR key exchange	Yes	No
Biometric unlock	Yes (per-decryption optional)	Yes (app-level)
Account required	No	Sign in for Gmail integration
Enterprise admin	No (individual app)	Yes (paid tier)
Best for	Individual users, any channel	Gmail users, enterprise deployments

Honest tradeoffs.

Where FlowCrypt wins

Direct Gmail integration. FlowCrypt connects to Gmail through Google\'s API and presents your encrypted inbox inline, with decryption happening in-app. If your entire workflow is Gmail, this is a noticeably smoother experience than PGPony\'s "copy to PGPony, decrypt, copy back" loop.
Enterprise-ready. FlowCrypt sells to organizations with central admin, key escrow options, and Google Workspace Client-Side Encryption integration. PGPony has no enterprise product.
Established and funded. FlowCrypt a.s. is a real company with paid customers and dedicated security review. PGPony is a solo indie developer\'s side project — fewer resources, but also no vendor risk in the corporate sense.
Bug bounty program. FlowCrypt runs a public bug bounty for security researchers. PGPony does not (yet).
Browser extension too. Chrome extension for desktop Gmail. PGPony is mobile-only by design.

Where PGPony wins

No account, no sign-in. Install PGPony, generate a key, done. FlowCrypt for individuals also works without an account for offline use, but the Gmail-integrated flow requires Google sign-in. PGPony never needs any sign-in.
Channel-independent. PGPony encrypts text and files for use in any channel — email, SMS, Slack, paste sites, code review tools. FlowCrypt is email-oriented (especially Gmail). For non-email PGP usage, PGPony fits better.
OpenPGP v6 import today. PGPony imports v6 keys, decrypts v6 messages, and verifies v6 signatures right now. FlowCrypt\'s consumer-facing v6 support is still in progress.
QR code key exchange. Hand someone your public key by scanning a QR — useful for non-email handoffs. FlowCrypt does not have this.
Per-decryption biometric prompt. PGPony optionally requires Face ID / fingerprint for every single decryption, not just app open. FlowCrypt uses app-level biometric lock.
Six-language localization. English, German, Spanish, French, Japanese, Brazilian Portuguese fully localized. FlowCrypt is primarily English.
Free, no tier limits. PGPony has no scale ceiling and no "Pro" upsell. FlowCrypt is free under 100 users but paid above.

Use case fit.

The cleanest mental model: FlowCrypt is "encrypted Gmail with PGP under the hood". PGPony is "a PGP toolbox you reach for from anywhere on your phone".

If you live in Gmail all day — FlowCrypt\'s inline decryption inside the inbox view is real productivity. PGPony will work with Gmail, but as a separate app you switch to and from.
If your email is iCloud Mail, Outlook, FastMail, Proton, or anything not Gmail — FlowCrypt\'s deepest advantage doesn\'t apply. PGPony is the more natural fit.
If you encrypt files, SMS, Slack messages, or code reviews — anything outside an inbox — PGPony was designed for this. FlowCrypt can do it through general clipboard / file flows, but it\'s not the primary product.
If you\'re deploying PGP across a team / company — FlowCrypt\'s enterprise tier handles this with central management. PGPony is not built for centralized deployment.
If you want PGP that\'s opinionated about staying local and personal — PGPony stores keys only on-device, has no telemetry, no account, no servers in the path beyond optional WKD / HKP lookups.

The verdict.

Choose FlowCrypt if Gmail is your primary email and you want PGP woven into that workflow specifically. Or you\'re deploying encrypted email across an organization and need central administration. Or you value the enterprise-software qualities (funded company, bug bounty, support contracts).
Choose PGPony if Your email is non-Gmail. Or you encrypt content outside email (files, SMS, paste sites, Slack). Or you want OpenPGP v6 import today. Or you prefer no-account, no-sign-in, local-only key management. Or you\'re part of a multilingual audience (six languages localized).
Try both if Free is free. Install both, generate the same key in both, see which workflow feels right. The OpenPGP standard means there\'s zero lock-in — your key works in either app forever.

Try PGPony

Free. No accounts. No tracking. Works with everything that speaks OpenPGP.

Download on the App Store

Get it on Google Play