The Server Cannot Read What It Stores
Encryption Keys Stay With the Client
A Key the Server Never Retains
Each file is encrypted with a key the client supplies at upload.
The server applies the key, writes only the ciphertext, and does not retain the key beyond the request.
At download, the client supplies the key again and the server decrypts on the fly before streaming the result.
The key is never persisted — not to disk, not to memory between requests.
Breach-Resistant by Construction
Full server compromise delivers ciphertext for every file the storage volume holds.
The folder names and filenames on disk are also encrypted — an attacker who gains filesystem access finds neither readable content nor a recognizable directory layout.
The encryption guarantee does not depend on the server remaining uncompromised.