
SECURITY

Security is not a feature.
It's the architecture.

CIPH4 is built on a zero-knowledge architecture. Your encryption keys never leave your browser. We cannot read your data — by design, not by policy.

AES-256-GCM
Encryption

SHA-256
Audit Chain

Ed25519
Receipt Signing

TLS 1.2+ (1.3 preferred)
Transport

THE FLOW

How your data stays private

Three steps. The encryption key lives in the URL fragment and never reaches our servers.

01

Sender encrypts

  • AES-256-GCM key generated in browser
  • Plaintext encrypted entirely client-side
  • Only ciphertext sent to the server

02

Server stores ciphertext

  • No key, no plaintext ever reaches the server
  • Hash-chained audit log records every event
  • Tamper-evident by cryptographic design

03

Recipient decrypts

  • Key extracted from URL fragment (never sent to server)
  • Decryption happens entirely in the browser
  • Ciphertext burned after viewing

THE HONESTY

What we can, and cannot, see

Trust is built on precision. Here is exactly what reaches our servers and what does not.

We never see

  • Drop contents (encrypted in your browser)
  • Encryption keys (live in the URL fragment, never sent)
  • Recipient passphrases (bcrypt-hashed before storage)
  • Decrypted file bytes (never exist on our infrastructure)

We do see

  • Drop titles, descriptions, and recipient email addresses
  • Audit-log entries (actor ID, IP, timestamp, event type)
  • Account information needed to bill and authenticate you
  • Aggregate usage signals (drop counts, storage totals, plan tier)

Sensitive operational secrets (SMTP passwords, OIDC client secrets, webhook signing keys) are encrypted at rest with a dedicated key. User identifiers are hashed before reaching the log stream. Stack traces are stripped in production.

THE ARCHITECTURE

Six layers of protection

Each layer below maps to a shipped module with public verification surfaces.

01

Encryption

AES-256-GCM

  • Client-side encryption via Web Crypto API
  • 256-bit random key generated per drop
  • Authenticated encryption prevents tampering
  • No key escrow, no backdoor, no master key

02

Audit chain

SHA-256 hash-linked

  • Every event chained with prior entry hash
  • Atomic database locks serialize chain writes
  • Any tampering breaks the chain immediately
  • Independently verifiable via API or SDK

03

Deletion

Two-stage physical zero

  • Ciphertext zeroed in DB transaction
  • Blob storage deleted after commit
  • Ed25519-signed Proof-of-Deletion Receipts
  • Receipts anchored to audit hash chain

04

Access control

RBAC + SSO + SCIM

  • Org roles: User, Security Manager, Compliance Auditor
  • SSO standards: SAML 2.0 and OIDC (tested with Azure AD, Okta, Google Workspace)
  • SCIM 2.0 automated user provisioning
  • Org-wide MFA enforcement with grace period

05

Infrastructure

Hardened managed cloud runtime

  • Managed application runtime with TLS
  • Relational database encrypted at rest (AES-256)
  • Geo-redundant encrypted object storage
  • HSTS preload, CSP nonce, CORS allowlist

06

Compliance

Framework templates

  • SOC 2, HIPAA, GDPR, ISO 27001, NIST 800-53, FedRAMP, CMMC
  • Automated control mapping & health scoring
  • Risk registers & vendor assessments
  • Scheduled audit report generation

THE RECEIPTS

How we back the claims

Every number on this page maps to shipped code, a CI gate, or a public endpoint.

7 days
Maximum exposure window

Enforced at five layers: Zod schema, plan tier, org policy, server gate, DB CHECK constraint.

0
Plaintext bytes on our servers

Client-side AES-256-GCM. Encryption key lives in the URL fragment and never reaches origin.

90+
Automated IDOR tests per PR

Blocking CI gate. Every pull request runs the full cross-tenant sweep before merge.

6
Threat-detection rules per drop

IP scanning, geo anomaly, rapid access, link forwarding, brute force, unusual access times.

Indefinitely
Receipts verifiable on /verify

Ed25519-signed Proof-of-Deletion Receipts. Drop any receipt into our public verifier — no account required.

Continuous
Audit-chain re-verification

Daily cron walks the SHA-256 hash chain. Any break emits a severity-critical security alert.

THE PRACTICES

How we build and operate

The boring-but-load-bearing day-to-day discipline. None of these are aspirational.

Secure development

  • Code review on every merge
  • 90+ automated IDOR security tests
  • npm audit with strict allowlist
  • Zod schema validation on every API input
  • Prisma ORM only — no raw SQL
  • CSP with per-request nonce

Data protection

  • Field-level encryption for secrets in DB
  • Automated log redaction (never-log list)
  • No plaintext passwords or tokens stored
  • 7-day max drop lifetime at every layer
  • CORS restricted to explicit origin allowlist
  • Env vars validated via Zod at boot

Network security

  • SSRF validation on all outbound URLs
  • Private IP range blocking (RFC 1918)
  • DNS rebinding protection at dispatch
  • Rate limiting on all auth endpoints
  • TLS 1.2+ (1.3 preferred) everywhere, HSTS with preload
  • Redirect-following disabled on webhooks

THE INFRASTRUCTURE

What sits behind the SaaS

The capability surface your security-review team can put a name to. Vendor specifics are shared during security review.

Auto-scaling runtime

Managed application runtime with auto-scaling, zero-downtime deploys, and managed TLS. CSP nonce per request; HSTS preloaded. Multi-region failover-ready.

Encrypted, geo-redundant database

Relational database encrypted at rest (AES-256). Write-primary plus read replica for traffic split. Automated backups with point-in-time recovery.

Reliable background processing

Background work — webhooks, outbound email, cron sweeps — routes through a managed message queue with dead-letter handling and scheduled delivery.

Bring your own observability

Logs and traces stream to your choice of OTLP-compatible backend: Application Insights, Datadog, Honeycomb, Sumo Logic, or your own collector.

Continuous audit-chain verification

Daily cron walks the SHA-256 hash chain. Any tamper produces a severity-critical security alert on detection.

Hardened cron surface

Every scheduled task is gated by a timing-safe Bearer-token comparison with a per-IP failure bucket (10/hour). No enumeration channel.

Questions about our security?

Our team is ready to discuss architecture, provide compliance documentation, or schedule a security review.