Position · v1.0
Security Philosophy
A short, plain-English statement of how DRIVUNO thinks about your data — and what we refuse to ask you to trust us with.
The premise
Traditional clouds rely on provider trust. You hand over your files, and you trust the provider's staff, processes, jurisdictions, and partners not to read them. We think that model is the wrong default for sensitive work. DRIVUNO is built so the provider does not have to be trusted with the content itself.
Principles
Privacy by architecture, not by policy
A privacy policy can change. An encrypted blob cannot suddenly become readable. Our guarantees are wired into the cryptography, not just the legal terms.
Encryption before upload
Content is sealed on your device before it leaves the network boundary. The server only ever sees ciphertext and sealed envelopes.
User-controlled keys
Your password derives your master key locally. Recovery factors wrap (not escrow) that key. We have no key custody role.
Minimal trust assumptions
We design for the case where parts of our own stack are compromised: hostile DBA, malicious storage, leaked logs. Each layer is treated as untrusted by default.
Transparency over reassurance
We publish what we do, what we cannot do, and the dates we are working towards. If a security event happens, we say so publicly and quickly.
Calm, not fear
We do not sell anxiety. We document the architecture and let it stand on its own. No "unhackable," no "absolute security," no anti-government rhetoric.
What this rules out
Some product decisions are easy because they violate the philosophy:
- No server-side scanning, AI analysis, or content moderation of user files.
- No server-side password reset. The cryptography does not allow it; neither do we.
- No silent metadata expansion: every field we collect appears in the Metadata Policy.
- No telemetry of file contents, even aggregated.
- No marketing claims that exceed what the architecture actually delivers.
What this commits us to
- A public threat model describing what we protect and what we don't.
- A public security roadmap with dated commitments.
- A coordinated vulnerability disclosure policy with safe harbor.
- An incident response playbook and a public changelog.
- External cryptography review on the roadmap, followed by a full penetration test.
“The encrypted vault for the files you cannot afford to expose.”