Your files are encrypted on your device, stored as ciphertext, and unlockable only with the keys you choose.
Most services ask you to trust that they will not look at your data. Privatt is built so that it cannot. With client-side encryption your keys are derived and used on your device, and we store only ciphertext — privacy you can rely on, not just a policy.
Every vault is encrypted. You decide who can open it — only you, only with Privatt, or both — and switch anytime.
Your key comes from a passphrase only you know, so Privatt can never read your vault. You enter your passphrase on each device and keep a one-time recovery key.
Like a bank safe-deposit box, opening your vault takes two keys — yours (your passphrase) and Privatt's. Neither of us can open it alone, so stolen data is worthless without both. You keep a passphrase and a one-time recovery key.
We hold your key, so you sign in from any device with nothing extra to remember and no risk of locking yourself out. Because we hold the key, Privatt can read your files (and scan them for malware) — this option isn't zero-knowledge.