Architecture
Sovereignty & Resilience
DRIVUNO is designed for provider resilience. Your files are encrypted before they leave your device — so whichever infrastructure provider stores them, the contents stay unreadable to us and to them. EU/Japan deployment options are part of the architecture.
Baseline mode
Standard operations
What stays true no matter which provider runs
- Files are encrypted on your device before upload. Providers only receive ciphertext.
- We hold no keys that can decrypt your files. Not Supabase, not Stripe, not us.
- Metadata is minimized. Filenames, folder structure, and message subjects are encrypted too.
- An admin or operator cannot read your content. This is enforced by architecture, not policy.
Operational providers today
- Supabase: encrypted database rows and encrypted object storage (current primary).
- Stripe: subscription billing — never sees your file content.
- Cloudflare: edge delivery, DNS, DDoS protection — only routes ciphertext.
- Lovable Email: operational emails (verification, billing, alerts) — never your file content.
EU / Japan deployment-ready
- Region selection at signup: EU, Japan, or Global. Recommended automatically from your locale.
- EU fallback candidates wired in: OVHcloud, Scaleway, Hetzner, Mollie, Adyen, Plausible.
- Japan fallback candidates wired in: Sakura, IIJ, GMO, KOMOJU, GMO Payment Gateway.
- Self-hosted PostgreSQL and S3-compatible (MinIO) supported through the storage adapter.
- Your encrypted data stays in your declared region unless you explicitly request a migration.
What our fallback-ready architecture means
- Provider-agnostic interfaces: storage, database, payment, auth, email, analytics, CDN, DNS.
- Admin can mark any provider as degraded, offline, or disabled in real time.
- Sovereignty modes — Standard, EU Safety, Japan Safety, Hybrid, Emergency — change routing without re-deploying.
- Encrypted migration tools move ciphertext between providers. Plaintext is never reconstructed server-side.
Privacy-friendly by default
- No Google Analytics. No fingerprinting. No cross-site tracking.
- Self-hosted fonts and assets. No required third-party scripts.
- Privacy-friendly analytics options (Plausible, Umami, Matomo — self-hosted) when enabled by the operator.
DRIVUNO does not promise unhackability, absolute security, anonymity forever, or government-proof storage. We describe what the architecture is designed to do: encrypt before upload, minimize metadata, and stay provider-agnostic. The mathematics of end-to-end encryption is well understood; our job is to implement it carefully and not weaken it for convenience.
