Security

Learn exactly how Filarr protects your data with zero-knowledge architecture and end-to-end encryption.

AES-256-GCM Encryption

Every file is encrypted locally on your device with AES-256-GCM, the encryption standard used by intelligence agencies and financial institutions. The encryption key is derived from your master password using PBKDF2 (Argon2id available depending on the environment).

  • Your Device: Encryption happens here (AES-256-GCM)
  • Encrypted Blob: 7f3a8c9e1b2d4f6a...
  • Our Servers: Cannot decrypt. No keys. Zero knowledge.

Zero-Knowledge Architecture

Your encryption keys never leave your device. File contents are encrypted client-side before any transfer. Filarr never knows your password or keys. Note: some metadata (filenames, sizes, dates) may be visible to the server for service operation.

  • Local Encryption
  • Private Keys
  • Zero Server Access
  • Open Source Audit
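
The flow described in the two sections above (a key derived from the master password with PBKDF2, then AES-256-GCM applied on the device), as an added WebCrypto example that is not Filarr's code. The iteration count, SHA-256, the salt and IV sizes and every function name are assumptions, and the sample data is constructed.

```javascript
// Added illustration, not Filarr's code. Parameters below are assumptions.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor
const PASSWORD = 'correct horse battery staple'; // constructed sample
const enc = new TextEncoder();

// Stretch the master password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Client side: fresh salt and IV per file; only the returned blob is uploaded.
async function encryptFile(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ct = await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Rejects if the password is wrong or any byte of the blob was modified.
async function decryptFile(password, blob) {
  const key = await deriveKey(password, blob.salt);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.iv }, key, blob.ciphertext);
  return new Uint8Array(pt);
}

// Constructed sample: round trip, wrong password, and a blob altered in storage.
async function demo() {
  const file = enc.encode('constructed sample file contents');
  const blob = await encryptFile(PASSWORD, file);
  const roundTrip = new TextDecoder().decode(await decryptFile(PASSWORD, blob));
  const rejects = (p) => p.then(() => false, () => true);
  const wrongPassword = await rejects(decryptFile('guess', blob));
  const flipped = { ...blob, ciphertext: blob.ciphertext.slice() };
  flipped.ciphertext[0] ^= 1; // single bit changed after upload
  const tampered = await rejects(decryptFile(PASSWORD, flipped));
  return { roundTrip, wrongPassword, tampered, overhead: blob.ciphertext.length - file.length };
}

demo().then(console.log);
```

Only `salt`, `iv` and `ciphertext` would reach a server in this model; without the password they are not enough to decrypt, and any modification fails the GCM tag check. Filenames, sizes and dates sit outside this blob, which is why the page lists them as metadata the server may see.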

Threat Model

Filarr is built to withstand a wide range of threats: server compromise, man-in-the-middle attacks, malicious insiders, government subpoenas. Our code is open source and auditable by anyone.

  • Server Compromise: Protected
  • MITM Attack: Protected
  • Malicious Insider: Protected
  • Government Subpoena: Data Unreadable
  • Brute Force: Argon2id + 256-bit

Compliance & Certifications

Filarr is designed with GDPR and CCPA principles in mind. The client-side encryption architecture means we are technically unable to access your file contents. Filarr is not SOC2 Type II certified at this time.

  • GDPR / RGPD: Compliant by design
  • CCPA: California data protection
  • SOC2 Type II: Audits in progress
  • HIPAA: Encryption compatible