Security

Private by design, not by promise.

Most services promise privacy but retain the ability to access your data. Carbon is architected so that we cannot read your files, even if we wanted to. This isn't a policy - it's math.

Zero-Knowledge Architecture

We never see your unencrypted data. Files are encrypted on your device before upload using keys that never leave your control. Even if compelled by law, we can only provide encrypted blobs.

  • Client-side encryption with age (modern, audited crypto)
  • Keys derived from your password, never stored on our servers
  • Encrypted metadata - we don't know file names or types
  • No server-side decryption capability by design

Swiss Data Storage

Your encrypted data is stored in Switzerland, one of the world's strongest privacy jurisdictions. Swiss law requires a Swiss court order for data requests, providing an additional legal barrier.

  • Data centers in Zurich, Switzerland
  • Outside US and EU jurisdiction
  • Strong privacy laws with constitutional protection
  • No participation in mass surveillance agreements

Verifiable by You

Don't trust us - verify. Carbon Sync provides SSH access to your storage account. You can directly inspect, download, or delete your encrypted files at any time.

  • SSH access to your personal storage namespace
  • Standard tools work (rsync, scp, sftp)
  • Export everything anytime - no lock-in
  • Verify file integrity with checksums
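One way to carry out the inspection described above, as an added example (not Carbon's own code): parse the cleartext header of a downloaded blob in the age v1 format, confirm it really is an age file, and list its recipient stanza types. For a passphrase (scrypt) stanza it also reports the log2 work factor. `inspect_age_blob` and `SAMPLE` are hypothetical names, the sample bytes are constructed, and whether Carbon uses age's passphrase stanza is an assumption the page does not confirm.

```python
import base64

AGE_V1_MAGIC = b"age-encryption.org/v1\n"
ARMOR_MAGIC = b"-----BEGIN AGE ENCRYPTED FILE-----"


def inspect_age_blob(blob: bytes) -> dict:
    """Parse the cleartext header of a binary age v1 file. Nothing is decrypted."""
    if blob.startswith(ARMOR_MAGIC):
        raise ValueError("ASCII-armored age file: dearmor before inspecting")
    if not blob.startswith(AGE_V1_MAGIC):
        raise ValueError("no age v1 header: blob may be stored unencrypted")
    pos, stanzas, mac = len(AGE_V1_MAGIC), [], None
    while mac is None:
        end = blob.find(b"\n", pos)
        if end == -1:
            raise ValueError("header truncated before the MAC line")
        line = blob[pos:end].decode("ascii")  # header is ASCII; payload is not
        pos = end + 1
        if line.startswith("--- "):
            mac = line[4:]
        elif line.startswith("-> "):
            kind, *args = line[3:].split(" ")
            stanzas.append((kind, args))
        elif not stanzas:
            raise ValueError("stanza body line with no preceding stanza")
    if not stanzas or len(mac) != 43:  # HMAC-SHA256, unpadded base64
        raise ValueError("malformed header: no recipients or bad MAC length")
    payload = len(blob) - pos
    if payload < 32:  # 16-byte nonce + at least one 16-byte Poly1305 tag
        raise ValueError("payload too short to be an age STREAM")
    log_n = next((int(a[1]) for k, a in stanzas if k == "scrypt" and len(a) == 2), None)
    return {"recipients": [k for k, _ in stanzas],
            "scrypt_log2_n": log_n, "payload_bytes": payload}


def _b64(n: int) -> bytes:
    return base64.b64encode(bytes(n)).rstrip(b"=")


# Constructed sample (all-zero fields, not a decryptable file): one scrypt
# stanza with work factor 15, a 32-byte wrapped key, a MAC and 48 payload bytes.
SAMPLE = (AGE_V1_MAGIC + b"-> scrypt " + _b64(16) + b" 15\n" + _b64(32)
          + b"\n--- " + _b64(32) + b"\n" + bytes(48))

if __name__ == "__main__":
    print(inspect_age_blob(SAMPLE))
```

A `ValueError` on a blob pulled from the storage namespace means it is not a well-formed binary age file and deserves a closer look; a reported `scrypt_log2_n` can be compared with the key-derivation parameters under Technical Specifications.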

Local AI Processing

Our AI features run entirely on your device. File search, organization suggestions, and smart features work without sending your data to any cloud AI service.

  • AI models run locally using Apple Silicon / GPU
  • No data sent to OpenAI, Google, or any third party
  • Works offline after initial model download
  • Your prompts and results stay on your device

Technical Specifications

The cryptographic details for those who want to verify our claims.

Encryption

Algorithm: ChaCha20-Poly1305 (via age)
Key derivation: scrypt (N=2^15, r=8, p=1)
Key size: 256-bit symmetric keys
Implementation: age-encryption (audited)

Transport

Protocol: TLS 1.3 only
Certificate pinning: Yes (mobile apps)
HSTS: Enabled with preload
Forward secrecy: Required

Storage

File system: ZFS with encryption at rest
Snapshots: Immutable, hourly for 7 days
Replication: 3x across Swiss DCs
Deletion: Cryptographic erasure

Authentication

Password hashing: Argon2id
2FA: TOTP and WebAuthn/Passkeys
Session tokens: 256-bit, rotated daily
Rate limiting: Aggressive, per-IP and per-account

Audits & Compliance

We believe in transparency. Here's where we are and where we're going.

Independent Security Audit

Planned Q2 2026

We're planning a comprehensive security audit by a reputable third-party firm. Results will be published publicly.

Open Source Encryption

In Progress

Our encryption libraries will be open-sourced for community review. Core encryption uses the well-audited age library.

GDPR Compliance

Compliant

Full GDPR compliance including right to erasure, data portability, and data minimization by design.

SOC 2 Type II

Planned 2026

Working toward SOC 2 Type II certification for enterprise customers who require formal compliance.

What we actually store

When you upload a file, we receive encrypted bytes. We don't know if it's a photo, a document, or your tax returns. We can't read it, search it, or train AI on it.

This is what zero-knowledge actually means: the knowledge doesn't exist on our servers. Even under legal compulsion, we can only provide encrypted data that's useless without your key.

// What you upload
confidential-report.pdf
family-photos-2024.zip
passwords.txt

// What we store
age1ql3z7hjy54pw3hyww5...
XzhsdGVkIGNpcGhlcnRleH...
mQ4YWNlZDc1ZjY4NTU2OW...

// What we can read
Nothing.

What We Protect Against

  • Carbon employees reading your files
  • Hackers breaching our servers: They'd get encrypted blobs
  • Government subpoenas to Carbon: We can only provide encrypted data
  • Your device being compromised: If they have your device, they have your keys
  • You losing your password: Zero-knowledge means we can't help recover
  • Nation-state targeting you specifically: No tool protects against all threats

A note on honesty: No security system is perfect. We're transparent about what we protect against and what we don't. If someone has physical access to your unlocked device, or if you use a weak password, those are risks outside our control. Strong security requires good practices on both ends.

Questions about our security?

We're happy to discuss our security approach in detail.