What the server can see

Honesty about the boundary matters. Here's exactly what Oten Cloud does and does not have.

What the server stores

  • Opaque encrypted blobs — your file contents, as ciphertext it cannot read.

  • Minimal bookkeeping — identifiers, version counters, and timestamps needed to sync and resolve conflicts.

  • Account and sharing routing — enough to deliver a share to a recipient and enforce its expiration.

What the server never has

  • No plaintext — not file contents, not file names, not folder structure, not vault names.

  • No keys — no user seed, no vault seed, no layer or file keys. Ephemeral keys are never stored anywhere, on device or server.

  • No passwords or PINs — these are verified locally and never transmitted.

  • No layer count — the server cannot tell how many Shadow Layers a vault has, or whether a vault has more than one.

What metadata can imply

Zero-knowledge is not zero-metadata. The server can observe operational facts such as that an account is active, when it syncs, and the approximate size and number of encrypted blobs. It cannot read them, but the existence and timing of activity is visible.

Why this is the point

Because there is no plaintext and no key on the server, there is nothing meaningful to hand over — to an attacker who breaches the cloud, an insider, or a legal order. The system is designed so that "trust us" isn't required: the server couldn't read your files even if it wanted to.

See also: How your data is protected · What Shadow Layers do not protect against

Last updated