When it comes to privacy, proof is better than promise.

(And it helps us sleep better at night.)

For many online services, privacy is at best a promise:

they promise to use strong encryption internally.

they promise not to willingly give your data to a third party.

they promise to do their best to secure your data from malicious attackers.

Promises are not bad. I mean, they are much better than nothing.

But proofs are way better.

As a young tech startup planning to offer cloud storage services, we decided to treat our own service the same way we treat any service we use to store our data: with extreme suspicion.

We made design decisions by answering one question: what would it take for us to feel that a cloud storage is safe enough to hold our most private data?

We ended up with:

An application that encrypts all user data using AES256 before uploading them to our service.

uploading them to our service. Randomly generated client-side encryption keys that are never transmitted to us or anyone else.

transmitted to us or anyone else. The source code of the client application is open for anyone to see and verify it works as advertised (and hopefully improve).

Which means that, even if we want to, even if someone put a gun on our head (be this a government or a villain), even if we did a terrible mistake, we have no way of reading your data. What’s more, we don’t expect you to trust us to do as we say, you can check the source code yourself. Because we believe that when it comes to privacy, proof is much better than promise.

I have to be honest: We also did it for ourselves.

You see, our mission is to safeguard and preserve personal digital archives for the future —for decades. We know it is a huge responsibility and we treat it as such. Protecting private data for such a long time from hackers or human error is a task that even companies the size of Google or Adobe fail at.

We will sleep much better at night if everything is strongly encrypted and we never get the key.