Zero-Knowledge Encryption

Your documents are encrypted before they leave your device. We never see your data.

The Zero-Knowledge Promise

What It Means

Zero-knowledge architecture ensures that MeCentral servers never have access to your unencrypted documents. All encryption happens in your browser before any data is transmitted.

  • Client-side encryption only
  • Keys never leave your device
  • Server stores only encrypted blobs
  • Even MeCentral can't decrypt your data

Technical Implementation

// Encryption happens in your browser
const encryptDocument = async (document) => {
  // Generate unique document key
  const docKey = sodium.crypto_secretbox_keygen();

  // Encrypt document with key
  const encrypted = sodium.crypto_secretbox_easy(
    document,
    nonce,
    docKey
  );

  // Seal key with your master key
  const sealedKey = sodium.crypto_box_seal(
    docKey,
    userPublicKey
  );

  // Server only receives encrypted data
  return { encrypted, sealedKey };
};

End-to-End Encryption Flow

1

Document Selection

You select a document to upload from your device

2

Browser Encryption

Document is encrypted using libsodium in your browser

3

Secure Transmission

Encrypted blob sent to MeCentral servers over TLS

4

Edge Storage

Encrypted data stored in R2 edge storage globally

Convenient Mode

For everyday users who prioritize ease of use while maintaining strong security.

  • Server-escrowed recovery keys
  • Password reset available
  • Multi-device sync
  • WebAuthn/Passkeys for auth

Paranoid Mode

For security-conscious users who want complete control over their encryption keys.

  • Client-only key management
  • No password recovery
  • Hardware key support (FIDO2)
  • Manual key backup required

Cryptography Stack

libsodium

Modern, easy-to-use crypto library with strong security guarantees

XChaCha20-Poly1305 Argon2id KDF

WebAuthn

Passwordless authentication using biometrics and hardware keys

FIDO2 Passkeys

Digital Signatures

Every document cryptographically signed to prevent tampering

Ed25519 SHA-256

Security & Compliance

Planned Security Audits

  • NCC Group

    Full cryptographic implementation review

  • Trail of Bits

    Smart contract and zero-knowledge proof audit

  • Penetration Testing

    Annual third-party penetration tests

Compliance Standards

SOC2 Type II
Security & availability
GDPR
EU privacy compliance
CCPA
California privacy

Ready to take control of your data?

Experience true privacy with zero-knowledge encryption

View Architecture Explore Use Cases