Zeerga
Security at the core

Your files. Encrypted. Always.

Zeerga uses zero-knowledge end-to-end encryption — your files are encrypted on your device before they leave, with keys only you control. We can't read your data even if we wanted to.

How encryption works at Zeerga

Three layers of protection — designed so no one (including us) can access your data without your password.

1

Client-side encryption

Your files are encrypted with AES-256-GCM on your device before any byte leaves. The encryption key is derived from your password using Argon2id (memory-hard, resistant to GPU brute force).

2

Encrypted transport

Already-encrypted data travels over TLS 1.3 with perfect forward secrecy. Even if someone records your traffic and steals our private key tomorrow, past sessions stay safe.

3

Sharing with RSA-4096

When you share a file, your file-key is encrypted with the recipient's RSA-4096 public key. Only they can decrypt and read it. Revoke at any time — old links stop working immediately.

What we never see

File contents

Encrypted before upload. Always.

File names & folder structure

Stored as opaque encrypted blobs server-side.

Your password

Never transmitted, never stored. We see only Argon2 hashes.

Encryption keys

Derived locally. Never leave your device.

Important trade-off: Because we don't have your encryption keys, we cannot recover your account if you lose your password. Set up a recovery phrase in your account settings — it's the only way back in.

Compliance & certifications

Designed and operated with widely-recognized security frameworks in mind.

ISO 27001-aligned

Information security management practices follow ISO 27001 controls.

SOC 2 controls

Engineered around the trust services criteria: security, availability, confidentiality.

GDPR

EU data protection compliant. Data Processing Agreement on request.

Encryption at rest

AES-256 + RSA-4096 — keys never leave your device.

Responsible disclosure program

Found a security issue? We want to hear about it. We work with security researchers in good faith — report responsibly and we'll respond within 48 hours, credit you in our Hall of Fame, and send a thank-you package.

Our scope, safe-harbor terms, and submission guidelines are in /.well-known/security.txt.

What's in scope

  • Authentication and authorization flaws
  • Server-side bugs leading to data exposure
  • Cryptographic weaknesses in our client libraries
  • Client-side issues that weaken E2E protections
View security.txt →

security@zeerga.com

Our security model

Zero-knowledge architecture means the burden of trust is moved off our servers. Even if we wanted to read your files, the keys aren't on our side.

Continuous monitoring

Production infrastructure is monitored 24/7 for anomalies; access is logged and reviewed.

Encrypted by default

Every file, filename, and folder structure is encrypted client-side before upload.

Least-privilege access

Internal staff have no access to user data. Administrative actions require multi-party review.

Open to research

Our cryptographic protocols are documented. Independent review summaries are available on request.