Dual-Cloud Privacy
Updated 2026-05-19 · For files stored under the dual-user-cloud architecture
One-sentence summary
Vaulta's server never holds your file content, never sees your cloud-drive credentials — it only holds a tiny key.
What we do · what we don't
✓ We do
- Encrypt your file locally with AES-256-GCM
- Split ciphertext into 3 parts: A, B, and a tiny key blob
- Guide you to upload A and B to your own clouds (Google Drive, Dropbox, etc.)
- Store only the <1KB key + metadata (filename, category, folder URLs) on our servers
- On open: guide both cloud logins, fetch A + B, attach our key, decrypt locally
✗ We don't
- Collect your cloud-drive credentials — login happens in your own browser/app
- Store your complete ciphertext — we only hold the key
- Have the ability to decrypt your files — key alone is useless
- Analyze your file content — we have no way to read or search them
- Share your data with ad networks, brokers, or governments outside lawful subpoena
Three-part ownership matrix
| Cloud A (e.g. Google Drive) | Cloud B (e.g. Dropbox) | Vaulta server | |
|---|---|---|---|
| Stores | ~50% encrypted ciphertext (part A) | ~50% encrypted ciphertext (part B) | <1KB key + metadata |
| Can read? | Only you | Only you | Vaulta backend (useless alone) |
| We can access? | No (no creds) | No (no creds) | Yes (key in our KV) |
To reconstruct your file, an attacker needs all three — breaching one or two of these systems alone reveals nothing useful.
Need the full statement?
The complete legal version — including Q&A on company shutdown, device loss, government requests, and your data-export rights — is available on request. Email privacy@vaulta.jovimastery.com and we'll send the latest version.