Local encryption, authenticated cryptography, and zero plaintext in our datacentres.
“Encryption that happens before the upload — not after.”
For anyone who needs encrypted storage they can actually verify in architecture.
Every byte uploaded is already ciphertext. Transport encryption is a second layer, not the only one.
Each file is encrypted with its own key, wrapped under your master key.
Tamper-evident encryption: any modification to ciphertext breaks decryption and is detected.
Share links wrap a fresh key in a recipient-specific envelope. The server never sees the plaintext key.
Replicated, modern object storage with no plaintext anywhere in the pipeline.
Quotas are enforced server-side; integrity is enforced cryptographically on the client.
Most clouds describe themselves as 'encrypted' because they encrypt data in transit (TLS) and at rest (disk-level). That leaves a long list of points where plaintext exists. DRIVUNO encrypts at the highest layer possible: your device.
Per-file keys mean revoking access to one shared file does not affect the rest of your vault. It also reduces the blast radius of any individual compromise.
No. Files are encrypted on your device before upload using XChaCha20-Poly1305. DRIVUNO servers only ever store ciphertext. The keys required to decrypt your files are derived from your password on your device and never leave it unencrypted.
Zero-knowledge is an architecture in which the service provider has no technical ability to access user data. With DRIVUNO, your master key is derived locally from your password using Argon2id. The server never sees that key, so it cannot decrypt your files even if compelled to.
DRIVUNO uses a different architecture. Google Drive, Dropbox and similar consumer clouds hold the encryption keys to your files, which means their staff, automated systems, and any party with legal access can in principle read your content. DRIVUNO is designed so that this is technically not possible on our side.
Because we cannot read your data, we also cannot reset it for you. You can configure a recovery key when creating your account. We strongly recommend storing it offline. Without your password or recovery key, encrypted data cannot be recovered — by design.
Start free with 2 GB. Zero-knowledge encryption from the first upload — no admin override, no AI scanning, no plaintext on the server.
