What is Zero-Knowledge Architecture?
Zero-Knowledge Architecture and Zero Trust share the same philosophy of never trust, always verify.
Our service applies the “always verify” principle specifically to the client’s data by ensuring that no one, not even our company, can access your files. Remember: the keys are yours. Your encryption keys are generated on your own device, not on our servers. Because our company never has access to your password or your encryption keys, no one but you can decrypt your data, see your file names or metadata, or hand your data to third parties (even if requested by law enforcement). Here are some extra details about how we use Zero-Knowledge Architecture.
There is no password recovery by default. Unlike traditional services (such as Google Drive or Dropbox), if you lose your password we cannot reset it for you, because we have no means to do so unless you give us permission. This removes the “trusted” middleman entirely. You would be 100% right to feel skeptical about this unusual option: if a company can reset your password, it implies they have a way to access your data. So let’s walk through the technical details of how this works.
Here is how we can offer a reset while still claiming Zero-Knowledge:
- The “true” Zero-Knowledge way (Desktop App). If you have the Desktop App installed and logged in, you can reset your password directly through the app settings without an email link.
  How it works: since the app is already authenticated and holds your encryption keys locally, it can “re-wrap” your data with a new password without ever sending your keys or your password to the servers. This is 100% Zero-Knowledge.
- The “optional” email reset (the “forgot your password?” link on the login page).
  We offer an email-based password recovery feature, but there is a major security trade-off that we are very explicit about. It’s optional: you have to enable this in your settings (it is often on by default for convenience). If you disable it and you don’t have the Desktop App, you are permanently locked out if you lose your password.
  The “escrow” key: when this feature is enabled, our company stores a backup of your encryption keys in a “locked box” (escrow) on a separate, secure server. The escrowed key is created when the feature is enabled:
  * For free accounts: it is usually created during sign-up, because email-based password recovery is often enabled by default.
  * For premium tiers: it is created automatically upon account setup, as this feature is a default requirement for most of the premium tiers, and we will walk you through the steps.
  The key can only be generated when your current password is “known” (i.e., while you are logged in or during initial account creation), because the system uses your current password to unlock your master key, which it then copies and re-encrypts into the escrow vault.
  The catch: when you use this reset, our company’s automated system temporarily accesses those escrowed keys to pair them with your new password. No one, not even our employees, can see your files during this process, but technically the Zero-Knowledge seal is briefly broken by the automated system in order to facilitate the recovery.
Finally, let’s answer a question we are often asked: “If recovery is disabled and then re-enabled, is the key regenerated?”
Yes. When you disable it, our company deletes the existing escrowed key from the server, and at that point our company has zero technical ability to recover your data via email; re-enabling it generates a new escrowed key.
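To make the three paths above concrete (client-side key generation, local “re-wrap” in the Desktop App, and the escrow-backed email reset), here is an added, self-contained model written for this page; it is not the vendor’s code and makes no claim about the real product’s formats. It assumes a PBKDF2 password-to-key derivation, a random 32-byte master key, and a toy authenticated cipher (HMAC-SHA256 keystream plus encrypt-then-MAC tag) standing in for AES-GCM/AES-KW so that it runs with only the Python standard library. The server objects hold nothing but wrapped blobs; the one place the service touches a raw master key is when escrow is enrolled or used, which is exactly the “catch” the text describes.

```python
"""Constructed model of password-wrapped master keys, local re-wrap and key escrow."""
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # assumption: tune for the client device


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key, computed on the client; the password never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32)


def _subkeys(kek: bytes):
    # Separate encryption and MAC keys derived from the KEK.
    return hmac.new(kek, b"enc", "sha256").digest(), hmac.new(kek, b"mac", "sha256").digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), "sha256").digest())
        counter += 1
    return b"".join(blocks)[:length]


def wrap(kek: bytes, secret: bytes) -> bytes:
    """Toy authenticated encryption (stand-in for AES-GCM): nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(kek)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(kek)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong password or corrupted key blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class StorageServer:
    """Stores only salts and wrapped master keys, which are useless without the password."""
    def __init__(self):
        self.accounts = {}  # user -> {"salt": bytes, "wrapped_master": bytes}


class EscrowVault:
    """The 'locked box' on a separate server, protected by a server-held escrow key."""
    def __init__(self):
        self.escrow_key = secrets.token_bytes(32)
        self.entries = {}  # user -> master key wrapped under escrow_key

    def deposit(self, user: str, master_key: bytes) -> None:
        # Enrolment: the raw master key is handled by the service only at this moment.
        self.entries[user] = wrap(self.escrow_key, master_key)

    def delete(self, user: str) -> None:
        self.entries.pop(user, None)  # disabling recovery removes the escrowed copy


def _store(server: StorageServer, user: str, master_key: bytes, password: str) -> None:
    salt = secrets.token_bytes(16)
    server.accounts[user] = {"salt": salt, "wrapped_master": wrap(derive_kek(password, salt), master_key)}


def sign_up(server: StorageServer, user: str, password: str) -> bytes:
    """Client side: the master key is generated on-device; only its wrapped form is uploaded."""
    master_key = secrets.token_bytes(32)
    _store(server, user, master_key, password)
    return master_key


def login(server: StorageServer, user: str, password: str) -> bytes:
    acct = server.accounts[user]
    return unwrap(derive_kek(password, acct["salt"]), acct["wrapped_master"])


def change_password_locally(server: StorageServer, user: str, master_key: bytes, new_password: str) -> None:
    """Desktop-app path: the master key already held locally is re-wrapped under the new password."""
    _store(server, user, master_key, new_password)


def email_reset(server: StorageServer, vault: EscrowVault, user: str, new_password: str) -> None:
    """Automated server-side reset: requires an escrow entry; the seal is briefly broken here."""
    if user not in vault.entries:
        raise PermissionError("recovery disabled and no local app: account is unrecoverable")
    master_key = unwrap(vault.escrow_key, vault.entries[user])
    _store(server, user, master_key, new_password)


def walkthrough() -> dict:
    """Runs the scenarios from the text and reports which invariants held."""
    server, vault, results = StorageServer(), EscrowVault(), {}
    mk = sign_up(server, "alice", "hunter2-original")
    results["login_recovers_master"] = login(server, "alice", "hunter2-original") == mk
    try:
        login(server, "alice", "wrong-password")
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    change_password_locally(server, "alice", mk, "new-local-pass")
    results["local_rewrap_keeps_master"] = login(server, "alice", "new-local-pass") == mk
    try:
        email_reset(server, vault, "alice", "anything")
        results["reset_blocked_without_escrow"] = False
    except PermissionError:
        results["reset_blocked_without_escrow"] = True
    vault.deposit("alice", mk)  # user enables email recovery while logged in
    email_reset(server, vault, "alice", "after-email-reset")
    results["email_reset_keeps_master"] = login(server, "alice", "after-email-reset") == mk
    vault.delete("alice")  # user disables email recovery again
    results["escrow_deleted"] = "alice" not in vault.entries
    return results


if __name__ == "__main__":
    print(walkthrough())
```

The point to take from running it is which party holds what: the storage server can verify nothing and decrypt nothing, the local re-wrap never moves the master key off the device, and the email reset only works while the escrow entry exists, so deleting it really does remove the service’s ability to recover the account.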
