A database breach wouldn't compromise your files because we never store the secrets needed to access them.
When you start an upload, the API generates a unique bID and secret, then provides a short-lived presigned URL. Your file transfers directly from your terminal to S3—it never passes through our servers. Once the upload completes, the bID and secret are returned to your CLI.
The secret is immediately discarded by our backend. Only its cryptographic hash is stored in our database.
In the current release, files rely on S3's server-side encryption. The bID + secret function as access control mechanisms rather than encryption keys. The zero-knowledge aspect refers to us never storing the secrets themselves - only cryptographic hashes - so we can't authorize downloads even if our database is compromised.
I've been actively working on adding client-side encryption to the CLI so files are encrypted by the binary before upload. The CLI implementation is ready, but I'm working through aligning the web dashboard with these changes. Should have it deployed in the next few days.
When you start an upload, the API generates a unique bID and secret, then provides a short-lived presigned URL. Your file transfers directly from your terminal to S3—it never passes through our servers. Once the upload completes, the bID and secret are returned to your CLI.
The secret is immediately discarded by our backend. Only its cryptographic hash is stored in our database.