We Can't Read Your Files. Literally.
Most cloud storage services encrypt your files — but they hold the keys. CopyClap is different. Your files are encrypted inside your browser before they ever leave your device. We store only locked boxes. You keep the only key.
Traditional Cloud Storage
How most services work
You upload a file. The service encrypts it on their servers. They hold the decryption key. If their servers are hacked, a rogue employee acts up, or a government requests data — your files can be opened.
The risk:
- Service can read your files anytime
- Hacked? Files exposed
- Insider access? Employees can peek inside
CopyClap
Private by design
You upload a file. Your browser encrypts it before sending. The server receives only scrambled data. Without your password, no one can decrypt your files.
The result:
- We cannot read your file contents
- Storage breach? Files stay encrypted
- Insider access? No one can open your files
How Your Files Stay Private
Every step happens inside your browser. The server is just a delivery truck.
Select
You choose a file in your browser. Nothing is sent yet.
Encrypt
Your browser generates a unique encryption key and scrambles the file into unreadable ciphertext.
Upload
Only the scrambled data is uploaded. The encryption key is wrapped with your vault key and sent alongside it — also encrypted.
Download
When you want the file back, we give you the scrambled data and the encrypted key.
Decrypt
Your browser derives your vault key from your password, unwraps the file key, and decrypts the content — all locally.
What We See vs. What We Don't
Transparency is the foundation of trust. Here's exactly what we can and cannot access.
What We Can See
Necessary for the service to function
- Your email address (for login)
- Encrypted file blobs (scrambled, unreadable data)
- File sizes (in bytes, not the actual content)
- Upload and download timestamps
- Your storage quota usage
What We Cannot See
Only accessible with your password
- Your vault password— never leaves your browser
- Your file contents— encrypted before upload
- Your filenames— encrypted inside metadata
- Decryption keys— generated and stay in your browser
- Share passwords— verified, never stored in plaintext
Secure Sharing
Share files with anyone — without giving us the key.
Open Links
Anyone with the link can download. The link itself contains the decryption capability — but only for that specific file. We store only a one-way hash of the link token, not the token itself.
Password-Protected Links
Add a password and the file key is encrypted with a key derived from that password. Even if someone intercepts the link, they cannot decrypt without the password. We verify passwords using industry-standard hashing — we never store them in plaintext.
Forgot Your Password? You're Not Locked Out.
Since we don't know your password, we can't reset it for you. But you can set up a recovery phrase when you create your vault.
Your recovery phrase is a sequence of words generated from random entropy. From this phrase, your browser derives a recovery key — completely separate from your vault password. The recovery key encrypts a backup of your vault key, which is stored on our server. If you forget your password, you can use your recovery phrase to restore access. Without the recovery phrase, even we cannot help you.
Common Questions
Can CopyClap staff read my files?
No. We store only encrypted data. Decryption happens in your browser, and we do not have your password or keys. Even with full database access, your file contents cannot be read without your password.
What happens if CopyClap gets hacked?
An attacker would gain access to encrypted file blobs and encrypted keys — both useless without your vault password. Your actual file contents would remain safe.
Can you decrypt my files if legally required?
No. We do not have your password, vault key, or file keys. We can only provide the encrypted data we store, which cannot be read without your credentials.
Is my password sent to your server?
No. Your vault password is used only inside your browser to derive your vault key. It is never sent to our servers.
How do share links work?
When you create a share link, your browser encrypts the file key with a key derived from the share token (or a password, if you set one). We store only the encrypted key and a hash of the token. The actual token stays in the link, which you share directly with the recipient.
What if I forget my vault password and lost my recovery phrase?
Your files cannot be recovered. We intentionally have no way to restore your keys. This is the trade-off of privacy: no one but you can access your data.
Ready to take back your privacy?
Your files. Your keys. Our servers just store the locked boxes.