Security & Privacy
Understanding NookFile's zero-knowledge architecture and encryption technology
Zero-Knowledge Architecture
What is Zero-Knowledge?
Zero-knowledge architecture means that NookFile has absolutely zero knowledge of your data. We cannot see, access, or decrypt your files at any point in the process. This is achieved through client-side encryption where all cryptographic operations happen in your browser.
- • Your original files
- • File contents or metadata
- • Encryption keys
- • Passwords (if used)
- • File names or types
- • Encrypted file blobs
- • Expiry timestamps
- • File count and total size
- • Download logs (anonymous)
- • Share metadata (encrypted)
Encryption Technology
AES-256-GCM
We use Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode, the same encryption used by governments and military organizations worldwide.
Web Crypto API
All cryptographic operations use the browser's native Web Crypto API, ensuring operations are performed securely and efficiently.
How Encryption Works
Key Management & URL Security
How Encryption Keys Work
Each upload generates a unique 256-bit encryption key that never leaves your browser during upload. The key is embedded in the share URL fragment (the part after #), which is never sent to our servers.
Example Share URL Structure:
Security Benefits
- • Keys never transmitted to servers
- • Each upload has a unique key
- • Keys are cryptographically random
- • Impossible to guess or bruteforce
- • No key recovery by service provider
Important Notes
- • Complete URL required for decryption
- • Lost URLs cannot be recovered
- • Share URLs securely
- • Anyone with URL can decrypt files
- • URLs are case-sensitive
Privacy Guarantees
No Data Collection
We don't collect personal information, track users, or analyze file contents. Only essential metadata for service operation is stored.
Automatic Deletion
All files are automatically deleted after expiry. No backups or copies are retained. Deletion is permanent and irreversible.
Open Source
Our client-side encryption code is open source and auditable. You can verify exactly how your data is protected.
Security Best Practices
For Senders
- Use strong passwords for additional protection
- Share URLs through secure channels (encrypted messaging)
- Send passwords separately from URLs
- Choose shorter expiry times for sensitive files
- Verify recipient identity before sharing
For Recipients
- Verify the sender's identity before downloading
- Download files promptly before expiry
- Use the complete URL including the # part
- Scan downloaded files with antivirus software
- Don't share received URLs with others
Compliance & Standards
GDPR Compliant
Data minimization and privacy by design
ISO 27001 Principles
Information security management standards
NIST Guidelines
Cryptographic standards and best practices
Important Security Notice
While NookFile provides strong encryption and privacy protection, remember that security is a shared responsibility. Always follow best practices when sharing sensitive files and verify the identity of people you're sharing with.