What we defend against — and what we honestly do not.
Server compromise: only ciphertext is exposed. Network interception: TLS plus end-to-end encryption. Compelled disclosure: we can only disclose ciphertext and limited metadata. Malicious insider on our side: no plaintext path to user content.
Account takeover via password reuse or phishing: mitigated by strong KDF, optional second factor, recovery key. Endpoint compromise: mitigated by short session lifetimes and per-device trust, but a fully compromised endpoint can still expose plaintext at the source.
A user who shares their password publicly. A user who installs malware on their device. A nation-state attacker with control over your device. We are honest about these limits because they are inherent to any system.
DRIVUNO is not designed to provide anonymity. Accounts are tied to verified email addresses. We are a confidentiality service, not an anonymity service.
Start free with 2 GB. Zero-knowledge encryption from the first upload — no admin override, no AI scanning, no plaintext on the server.
