Dual-Cloud Privacy

Updated 2026-05-19 · For files stored under the dual-user-cloud architecture

One-sentence summary

Vaulta's server never holds your file content, never sees your cloud-drive credentials — it only holds a tiny key.

What we do · what we don't

✓ We do

  • Encrypt your file locally with AES-256-GCM
  • Split ciphertext into 3 parts: A, B, and a tiny key blob
  • Guide you to upload A and B to your own clouds (Google Drive, Dropbox, etc.)
  • Store only the <1KB key + metadata (filename, category, folder URLs) on our servers
  • On open: guide both cloud logins, fetch A + B, attach our key, decrypt locally

✗ We don't

  • Collect your cloud-drive credentials — login happens in your own browser/app
  • Store your complete ciphertext — we only hold the key
  • Have the ability to decrypt your files — key alone is useless
  • Analyze your file content — we have no way to read or search them
  • Share your data with ad networks, brokers, or governments outside lawful subpoena

Three-part ownership matrix

Cloud A (e.g. Google Drive)Cloud B (e.g. Dropbox)Vaulta server
Stores~50% encrypted ciphertext (part A)~50% encrypted ciphertext (part B)<1KB key + metadata
Can read?Only youOnly youVaulta backend (useless alone)
We can access?No (no creds)No (no creds)Yes (key in our KV)

To reconstruct your file, an attacker needs all three — breaching one or two of these systems alone reveals nothing useful.

Need the full statement?

The complete legal version — including Q&A on company shutdown, device loss, government requests, and your data-export rights — is available on request. Email privacy@vaulta.jovimastery.com and we'll send the latest version.