Your master key never leaves your device. Even with full server access, your files remain encrypted and unreadable.
“We do not need access to your data — and we have made sure we cannot get it.”
For privacy-conscious users, journalists, legal teams, founders and security-aware professionals.
Your password is stretched on your device with a modern, memory-hard KDF before any key material exists.
Authenticated encryption for every file chunk, with unique nonces per chunk.
Sharing uses X25519 sealed boxes. Recipients decrypt with their own keys.
Servers store opaque blobs. They cannot tell a contract from a photo.
There is no master override, no admin decryption, no plaintext on the server.
Built on widely reviewed primitives via libsodium — no proprietary cryptography.
Many services use the term loosely. In DRIVUNO, zero-knowledge has a precise meaning: there is no execution path in our backend that has access to your decryption keys. If a request asks us to read your data, we cannot comply because we do not have the technical means.
When you sign up, your password is processed locally by Argon2id and turned into a master key. That key encrypts a file-encryption key and a private signing key, both generated on your device. The server only stores encrypted wrapped keys — not the keys themselves.
The server can authenticate you, deliver ciphertext, route encrypted messages and enforce quotas. It cannot read file contents, message contents, or attached metadata such as original filenames once they are sealed.
No. Files are encrypted on your device before upload using XChaCha20-Poly1305. DRIVUNO servers only ever store ciphertext. The keys required to decrypt your files are derived from your password on your device and never leave it unencrypted.
Zero-knowledge is an architecture in which the service provider has no technical ability to access user data. With DRIVUNO, your master key is derived locally from your password using Argon2id. The server never sees that key, so it cannot decrypt your files even if compelled to.
DRIVUNO uses a different architecture. Google Drive, Dropbox and similar consumer clouds hold the encryption keys to your files, which means their staff, automated systems, and any party with legal access can in principle read your content. DRIVUNO is designed so that this is technically not possible on our side.
Because we cannot read your data, we also cannot reset it for you. You can configure a recovery key when creating your account. We strongly recommend storing it offline. Without your password or recovery key, encrypted data cannot be recovered — by design.
No. There is no admin-level decryption key. Our staff cannot decrypt your data, even when asked to.
DRIVUNO uses widely audited open primitives (libsodium). Independent audits of the application layer are part of our roadmap and will be published on the transparency page.
Start free with 2 GB. Zero-knowledge encryption from the first upload — no admin override, no AI scanning, no plaintext on the server.
