Security & Privacy

Understanding NookFile's zero-knowledge architecture and encryption technology

Zero-Knowledge Architecture

What is Zero-Knowledge?

Zero-knowledge architecture means that NookFile has absolutely zero knowledge of your data. We cannot see, access, or decrypt your files at any point in the process. This is achieved through client-side encryption where all cryptographic operations happen in your browser.

What We Can't See
  • • Your original files
  • • File contents or metadata
  • • Encryption keys
  • • Passwords (if used)
  • • File names or types
What We Store
  • • Encrypted file blobs
  • • Expiry timestamps
  • • File count and total size
  • • Download logs (anonymous)
  • • Share metadata (encrypted)

Encryption Technology

AES-256-GCM

We use Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode, the same encryption used by governments and military organizations worldwide.

256-bit encryption keys
Authenticated encryption
Tamper detection

Web Crypto API

All cryptographic operations use the browser's native Web Crypto API, ensuring operations are performed securely and efficiently.

Hardware acceleration
Secure random generation
Memory protection

How Encryption Works

1
Key Generation
256-bit key created in your browser
2
File Encryption
Files encrypted with AES-256-GCM
3
Secure Upload
Encrypted data sent to cloud storage
4
Key in URL
Encryption key embedded in share link

Key Management & URL Security

How Encryption Keys Work

Each upload generates a unique 256-bit encryption key that never leaves your browser during upload. The key is embedded in the share URL fragment (the part after #), which is never sent to our servers.

Example Share URL Structure:

https://nookfile.com/d/abc123xyz789#SGVsbG8gV29ybGQ
The part after # contains the Base64-encoded encryption key

Security Benefits

  • • Keys never transmitted to servers
  • • Each upload has a unique key
  • • Keys are cryptographically random
  • • Impossible to guess or bruteforce
  • • No key recovery by service provider

Important Notes

  • • Complete URL required for decryption
  • • Lost URLs cannot be recovered
  • • Share URLs securely
  • • Anyone with URL can decrypt files
  • • URLs are case-sensitive

Privacy Guarantees

No Data Collection

We don't collect personal information, track users, or analyze file contents. Only essential metadata for service operation is stored.

Automatic Deletion

All files are automatically deleted after expiry. No backups or copies are retained. Deletion is permanent and irreversible.

Open Source

Our client-side encryption code is open source and auditable. You can verify exactly how your data is protected.

Security Best Practices

For Senders

  • Use strong passwords for additional protection
  • Share URLs through secure channels (encrypted messaging)
  • Send passwords separately from URLs
  • Choose shorter expiry times for sensitive files
  • Verify recipient identity before sharing

For Recipients

  • Verify the sender's identity before downloading
  • Download files promptly before expiry
  • Use the complete URL including the # part
  • Scan downloaded files with antivirus software
  • Don't share received URLs with others

Compliance & Standards

GDPR Compliant

Data minimization and privacy by design

ISO 27001 Principles

Information security management standards

NIST Guidelines

Cryptographic standards and best practices

Important Security Notice

While NookFile provides strong encryption and privacy protection, remember that security is a shared responsibility. Always follow best practices when sharing sensitive files and verify the identity of people you're sharing with.