Zero-Knowledge Statement - Nygma.ai

Last Updated: March 18, 2025

This Zero-Knowledge Statement explains the technical architecture and security principles underlying Nygma.ai's zero-knowledge encryption system. This statement is provided for transparency and to help users understand the security guarantees and limitations of our service.

1. Definition of Zero-Knowledge

1.1 Zero-Knowledge Encryption

Zero-knowledge encryption is a security model where:

  • All data is encrypted on the user's device before transmission
  • Encryption keys are generated and controlled exclusively by the user
  • The service provider (Genie9) cannot access, read, or decrypt user data
  • Even under legal compulsion, we cannot provide access to encrypted content

1.2 Technical Implementation

Our zero-knowledge architecture ensures that:

  • Encryption and decryption occur client-side using user-controlled keys
  • Servers only store encrypted data blocks that are unintelligible without user keys
  • No decryption keys are stored on our servers or transmitted to us
  • Authentication occurs without revealing encryption keys

1.3 Scope of Zero-Knowledge

Zero-knowledge protection applies to:

  • File content and data stored in your vault
  • File names (when name encryption is enabled)
  • Folder structures and organization
  • Shared data and collaborative content
  • Personal notes and metadata you choose to encrypt

2. Encryption Standards

2.1 Encryption Algorithms

  • Symmetric Encryption: AES-256 in GCM mode for data encryption
  • Key Derivation: PBKDF2 with SHA-256 and minimum 100,000 iterations
  • Asymmetric Encryption: RSA-4096 or ECDH P-384 for key exchange
  • Random Number Generation: Cryptographically secure random number generators

2.2 Key Generation

  • Master keys generated from user passwords using strong key derivation functions
  • Individual file encryption keys generated using cryptographically secure random sources
  • Key derivation parameters (salt, iterations) unique per user
  • No weak or predictable key generation methods

2.3 Encryption Process

  1. User data encrypted client-side with randomly generated file keys
  2. File keys encrypted with user's master key
  3. Encrypted data and encrypted keys transmitted separately
  4. No plaintext data or keys ever leave the user's device
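
The process in sections 2.1 to 2.3, sketched as an added example in Node.js; it is not Genie9's or Nygma.ai's code. It assumes the file key is wrapped with AES-256-GCM, a 96-bit nonce and a 16-byte salt, none of which the statement specifies, and all function names are illustrative.

```javascript
// Added example (not Genie9/Nygma.ai code): envelope encryption per sections 2.1-2.3.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 100000; // minimum iteration count stated in section 2.1

// Master key: PBKDF2-HMAC-SHA256 over the password with a per-user salt.
function deriveMasterKey(password, salt, iterations = ITERATIONS) {
  return pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// AES-256-GCM with a fresh random nonce per call (96-bit size is an assumption).
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext/tag was modified.
function unseal(key, { iv, ct, tag }) {
  const decipher = createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Steps 1-2: a random file key encrypts the data, the master key wraps the file key.
function encryptFile(masterKey, data) {
  const fileKey = randomBytes(32);
  return { blob: seal(fileKey, data), wrappedKey: seal(masterKey, fileKey) };
}

function decryptFile(masterKey, { blob, wrappedKey }) {
  return unseal(unseal(masterKey, wrappedKey), blob);
}

// Constructed sample: what the right and the wrong password can recover.
function demo() {
  const salt = randomBytes(16); // per-user salt (size is an assumption)
  const upload = encryptFile(deriveMasterKey('correct horse battery staple', salt),
                             Buffer.from('constructed sample document'));
  const recovered = decryptFile(deriveMasterKey('correct horse battery staple', salt), upload).toString();
  let wrongPasswordResult;
  try {
    wrongPasswordResult = decryptFile(deriveMasterKey('wrong password', salt), upload).toString();
  } catch (err) {
    wrongPasswordResult = null; // GCM tag check fails on the wrapped key
  }
  return { recovered, wrongPasswordResult, serverSees: upload };
}
```

The `serverSees` object is everything a server would hold in this sketch: without the password-derived master key, neither the wrapped file key nor the data blob decrypts.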

5. Data Access Limitations

5.1 Technical Impossibility

Due to our zero-knowledge architecture:

  • We cannot access file content even if legally compelled
  • We cannot search within encrypted files
  • We cannot recover data if users lose their master password
  • We cannot provide plaintext data to law enforcement

5.2 What We Can Access

We can access only:

  • Encrypted data blocks (unintelligible without user keys)
  • Non-encrypted metadata (file sizes, upload timestamps)
  • Account information (email, subscription status)
  • Usage statistics (storage consumed, bandwidth used)

5.3 Legal and Regulatory Compliance

  • We comply with legal requests to the extent technically possible
  • Court orders cannot compel us to decrypt zero-knowledge encrypted data
  • We provide transparency reports about government requests
  • Users maintain full control over their encrypted data

8. Metadata Handling

8.1 Encrypted Metadata

When enabled, the following metadata is encrypted:

  • File and folder names
  • File organization and hierarchy
  • User-generated tags and descriptions
  • Custom metadata fields

8.2 Unencrypted Metadata

The following metadata remains unencrypted for service operation:

  • File sizes and storage quotas
  • Upload and modification timestamps
  • Access logs and usage statistics
  • Synchronization information

8.3 Metadata Privacy

  • Unencrypted metadata minimized to operational necessity
  • Metadata retention policies clearly defined
  • No sensitive content exposed through metadata
  • User control over metadata encryption settings

10. Limitations and Considerations

10.1 System Limitations

  • Zero-knowledge encryption may impact some service features
  • Search capabilities limited to unencrypted metadata
  • Server-side processing of encrypted content not possible
  • Recovery options limited when master passwords are lost

10.2 User Responsibilities

  • Secure master password selection and management
  • Regular backup of critical encryption keys
  • Understanding of zero-knowledge implications
  • Compliance with applicable laws and regulations

10.3 Performance Considerations

  • Client-side encryption may impact performance on older devices
  • Larger files require more processing time for encryption/decryption
  • Network bandwidth affects encrypted file transfer speeds
  • Local storage requirements for key caching

13. Contact and Verification

13.1 Security Questions

For questions about our zero-knowledge implementation:

  • Email: security@genie9.com
  • Technical documentation available upon request
  • Security white papers and implementation details

13.3 Legal Contact

Genie9 LTD

3 Shortlands

W68DA, London

United Kingdom

Email: legal@genie9.com

This Zero-Knowledge Statement was last updated on March 18, 2025. We are committed to maintaining and improving our zero-knowledge architecture to protect user privacy and security.
