Most “secure” cloud storage encrypts your files — with keys the provider also holds. That's a lock whose spare key sits in someone else's pocket. Here's what zero-knowledge actually means, and how we built a drive that even we can't open.
Open the settings page of almost any mainstream cloud drive and you'll find the word encryption. It's true — your files usually are encrypted, both while they travel to the server and while they sit on disk. What that page rarely spells out is the part that matters most: the provider holds the keys.
So yes, your data is locked. But the company storing it can unlock it at any time — to scan it, to index it, to comply with a request, or in the worst case because someone broke in and stole the keys along with the files. Encryption where the keys live next to the data is a lock with the spare key taped to the door.
Zero-knowledge is a precise claim, not a marketing adjective. It means the people running the service have zero knowledge of what you store. Your files, and even your filenames, are encrypted on your own device before anything is uploaded. The server receives ciphertext — scrambled bytes — and keys that are themselves encrypted (“wrapped”) so the server can store them but never open them.
The practical test is simple. Ask any storage provider one question:
“If I lose my password, can you recover my files for me?”
If the answer is yes, they can read your files — full stop. If the answer is “no, only you can,” you've found real zero-knowledge. Vault Desk's answer is no. We can't reset your way back into your data, because we never had the keys to it. (You do get a one-time recovery key at sign-up — held by you, never by us — so “only you” doesn't have to mean “locked out forever.”)
Privacy claims are cheap. Here's the machinery underneath ours — all of it standard, well-reviewed cryptography from libsodium, running inside one small core we share across web and mobile so it behaves identically everywhere.
When you upload, your device derives your keys locally and encrypts each file with XChaCha20-Poly1305 — a modern, authenticated cipher — before a single byte goes out. The server only ever stores the encrypted blob and a wrapped key it has no way to unwrap. Filenames are encrypted too, so even your folder structure stays private.
Logging in normally means shipping your password (or a hash of it) to a server and trusting it to check it. Vault Desk uses OPAQUE, an aPAKE protocol standardized as RFC 9807. It lets the server confirm you know your password without the password ever crossing the wire. A breach of our login system reveals nothing an attacker could use to log in as you — or to derive your keys.
Share a file and its key is sealed to the recipient's public key with X25519, so only they can open it; we just pass along sealed bytes. But how do you know the public key we handed you really belongs to your recipient, and not a key the server quietly swapped in? Vault Desk publishes keys in a Key Transparency log — an append-only, tamper-evident ledger (Merkle tree) that clients verify. If the server ever substituted a key, the proof simply wouldn't check out, and your app would reject it.
This isn't aspirational. The crypto core ships with 53 passing tests that run the real cryptography — including an end-to-end check that a stored blob contains no plaintext, recovery over real HTTP, and a test that a server-substituted sharing key is detected and rejected. The primitives are deliberately boring: XChaCha20-Poly1305, X25519, Ed25519, Argon2id.
You don't have to be hiding anything to want a drive only you can open. The files most people keep in the cloud — tax records, passports, medical results, contracts, family photos, the spreadsheet with every account number on it — are exactly the files that do the most damage when they leak. And they leak constantly: through breaches, over-broad legal requests, careless internal access, and quiet content scanning you never agreed to.
Zero-knowledge changes the worst-case outcome. With Vault Desk, the most an attacker can steal from our servers is a pile of encrypted blobs and wrapped keys — useless without a password we never see. We designed for the day the server is compromised, so that day reveals nothing.
You get 5 GB free, secure sharing, public links, and the same total encryption on every plan. It runs in your browser today, with mobile apps sharing the exact same crypto core, byte for byte. Creating an encrypted vault takes under a minute — and the keys are yours from the first one.
Privacy you have to take on faith isn't privacy. Ours is something you can check.
Free to start, private by design. Your files are encrypted before they ever leave your device — and only you hold the keys.