← Blog
Architecture6 min read

What 'zero-access architecture' actually means

Zero-access is a precise engineering claim — not a slogan. Here is what it requires, how to verify it, and how DRIVUNO implements it.

Try it in one click.

Three private surfaces. Same zero-knowledge architecture.

A precise claim Zero-access architecture means the service provider has no technical pathway to read user data. The keys required to decrypt are derived and held exclusively on user devices; the server holds only ciphertext and wrapped material it cannot open.

This is an engineering statement, not a marketing one. It can be verified by reading the protocol, not by reading the homepage.

The three engineering requirements - **Client-side key derivation.** The master key is computed on the user's device from a password the server never sees, using a memory-hard KDF (Argon2id). - **Wrapped storage.** Per-file keys are encrypted under the master key. The server stores wrapped keys, never plaintext keys. - **No server-side decryption path.** There is no administrative override, no support tool, no recovery flow that can read user content.

If any of these three is missing, the service is not zero-access — even if it is encrypted in many other ways.

How to verify a vendor's claim - Read the protocol, not the homepage. - Ask whether password reset can recover existing files. (If yes, it is not zero-access.) - Ask what the server receives during an upload. (Ciphertext only.) - Look for audited primitives (libsodium, XChaCha20-Poly1305, Argon2id, X25519).

How DRIVUNO implements it - Argon2id-derived master key on the device. - XChaCha20-Poly1305 file encryption, per-file keys wrapped under the master key. - X25519 sealed boxes for sharing — recipient-keyed envelopes. - Ed25519 signing keys for integrity. - No server-side recovery flow that bypasses the user's password or recovery key.

What zero-access does not promise - It does not promise the provider will never be breached. - It does not promise the user cannot lose access through their own mistakes. - It does not promise anonymity — accounts are tied to verified email addresses.

What it does promise is the only thing that matters for confidentiality: that the provider, by construction, cannot read your data.

Try it in one click.

Three private surfaces. Same zero-knowledge architecture.

Encrypted on your device · upload in 1 click
Upload