Your files are encrypted before they leave your device and remain encrypted at rest in our cloud. During transfer, they are protected again within a TLS-secured channel - meaning the data is encrypted twice in transit: first by AES-256 for the payload, and second by TLS for the transport session.
Lightsafe secures your data with client-side military grade AES-256 encryption using modern, vetted cryptographic libraries. Lightsafe operates a strict zero-knowledge model: we never store, possess, or can reconstruct your encryption keys, and therefore cannot decrypt or view your data.
Furthermore, it is technically impossible for Lightsafe to help any third party access data. Data can only be decrypted using the correct encryption key.
Key generation, storage, and lifecycle management rest solely with you; if keys are lost or compromised, access to the associated data cannot be restored..
Lightsafe Platform will actively nag customers to carry out simple per-machine test-restores at regular intervals. This ensures the customer has access to encryption keys in case of disaster. And it helps reinforce complete confidence in the product.