NYGMA.AI
Last Updated: March 18, 2025
This Zero-Knowledge Statement explains the zero-knowledge encryption architecture of the Nygma.ai service (“Service”) operated by Genie9 LTD (“Genie9”, “we”, “us”, or “our”), a company registered in England and Wales with company registration number 08669198.
This statement is designed to help you understand what zero-knowledge encryption means, how we implement it, and what implications it has for your data privacy, security, and legal considerations.
1. WHAT IS ZERO-KNOWLEDGE ENCRYPTION?
1.1 Definition
- Zero-knowledge encryption is an approach where the service provider (Genie9) has zero knowledge of your encryption keys and therefore cannot access, view, or decrypt your data
- All encryption and decryption happens exclusively on your device, not on our servers
- We store only encrypted data that we cannot decrypt
1.2 Different from Standard Encryption
- Standard cloud encryption: The service provider holds the encryption keys and can access your data
- Zero-knowledge encryption: Only you hold the encryption keys; the provider cannot access your data
- This is a technical limitation, not merely a policy choice
1.3 Mathematical Foundation
- Based on public-key cryptography and symmetric encryption
- Relies on well-established cryptographic algorithms (AES-256-GCM, ChaCha20-Poly1305)
- Provides mathematical guarantees of security when implemented correctly
2. HOW NYGMA.AI IMPLEMENTS ZERO-KNOWLEDGE ENCRYPTION
2.1 Client-Side Encryption Process
- When you create a file:
- Your device generates encryption keys
- Your device encrypts the file using these keys
- Your device encrypts the filename and metadata
- Only the encrypted data is sent to our servers
- The encryption keys never leave your device
2.2 Key Management
- Your master key is derived from your password using PBKDF2 with 100,000 iterations
- This master key is used to encrypt randomly generated content and metadata keys
- The encrypted keys are stored on our servers but can only be decrypted with your password
- Your password is never sent to our servers; authentication uses a zero-knowledge proof
2.3 Authentication
- During account creation, your device generates a password hash
- We store this hash to verify your identity during login
- The hash cannot be reversed to obtain your actual password
- When you log in, we verify your credentials without seeing your actual password
2.4 Recovery System
- During encrypted drive creation, a recovery key is generated
- This recovery key can decrypt your data if you forget your password
- The recovery key is displayed once for you to save securely
- We do not store a copy of your recovery key
3. VERIFICATION OF ZERO-KNOWLEDGE CLAIMS
3.1 Open Architecture
- Our encryption architecture follows established cryptographic standards
- We use standard, well-reviewed cryptographic libraries
- Our implementation can be verified by security experts
3.2 Client-Side Verification
- All encryption and decryption operations visibly occur in your browser
- Network monitoring tools can verify that only encrypted data is transmitted
- No decryption keys are ever transmitted to our servers
3.3 Independent Verification
- We welcome independent security reviews and audits
- Security researchers can verify our zero-knowledge implementation
- We maintain transparency about our security practices
4. IMPLICATIONS FOR DATA ACCESS
4.1 Genie9’s Technical Inability to Access Your Data
- We cannot view the contents of your files
- We cannot see your filenames or folder structure
- We cannot determine what types of files you store
- We cannot search within your files
- We cannot scan your files for malware or prohibited content
4.2 Data Recovery Limitations
- We cannot reset your password in the traditional sense
- We cannot recover your data if you lose both your password and recovery key
- This limitation is a direct result of our zero-knowledge architecture
- Data loss in these circumstances is permanent and irreversible
4.3 Service Limitations
- We cannot provide server-side search functionality
- We cannot generate thumbnails or previews on our servers
- We cannot automatically categorize or organize your files
- All these functions must occur on your device after decryption
5. LAW ENFORCEMENT AND LEGAL REQUESTS
5.1 Response to Legal Requests
- We comply with valid legal orders to the extent technically possible
- Due to our zero-knowledge architecture, we can only provide:
- Account information (email, registration date, etc.)
- Payment information we have access to
- Login history and IP addresses
- Encrypted data (which remains unreadable without your keys)
5.2 Technical Impossibility
- We cannot provide decrypted content of your files
- We cannot provide decrypted filenames or folder structures
- This is not a policy decision but a technical impossibility
- We cannot build a “backdoor” without fundamentally changing the service architecture
5.3 Legal Precedent
- Courts have generally recognized that service providers cannot be compelled to provide information they do not have
- The technical impossibility of accessing encrypted data has been recognized in various legal jurisdictions
- We will explain this technical limitation to authorities when responding to legal requests
6. USER RESPONSIBILITIES IN A ZERO-KNOWLEDGE SYSTEM
6.1 Password and Recovery Key Management
- You are solely responsible for remembering your password
- You must store your recovery key in a secure location
- Loss of both your password and recovery key will result in permanent data loss
- We cannot assist with recovery in these circumstances
6.2 Legal Compliance
- You are responsible for ensuring your use of the Service complies with applicable laws
- Our inability to access your data does not absolve you of legal responsibilities
- You should not use the Service to store illegal content
- Law enforcement may still have legal means to obtain your encryption keys directly from you
6.3 Security Best Practices
- Use strong, unique passwords
- Store your recovery key securely, preferably offline
- Enable two-factor authentication when available
- Keep your devices secure with up-to-date software
- Lock your encrypted drives when not in use
7. LIMITATIONS OF ZERO-KNOWLEDGE ENCRYPTION
7.1 Metadata We Can Access
- While content is fully encrypted, we do have access to certain account metadata:
- When you log in and from what IP address
- When you create or access encrypted drives (but not their contents)
- The amount of encrypted data stored (but not what the data contains)
- Payment and subscription information
7.2 Security Boundaries
- Zero-knowledge encryption protects data stored in our system
- It does not protect against:
- Compromised devices where you access your account
- Malware that captures your keystrokes or screenshots
- Vulnerabilities in your web browser or operating system
- Physical observation of your screen (“shoulder surfing”)
7.3 Sharing Limitations
- When you share files:
- Decryption keys are shared via URL fragments
- Recipients gain access to the shared data
- This creates a point where data protection depends on the recipient’s practices
- We cannot control how recipients handle decrypted shared data
8. ADVANCED SECURITY FEATURES
8.1 Duress Mode in the Zero-Knowledge Context
- Duress Mode provides an alternate password that reveals decoy content
- This feature works entirely client-side within our zero-knowledge architecture
- Our servers cannot distinguish between normal access and duress access
- The system mathematically treats both as legitimate authentication paths to different encrypted spaces
8.2 Time Bomb in the Zero-Knowledge Context
- Time Bomb automatically locks or wipes data after configured inactivity
- This feature operates client-side according to your device’s local time
- Our servers do not control this feature; it is implemented in your browser
- Wiping is permanent due to the zero-knowledge architecture
9. TRANSPARENCY AND VERIFICATION
9.1 Transparency Reports
- We publish regular transparency reports
- These reports detail government requests for user data
- Reports include how we responded within our technical limitations
- We are committed to user privacy while complying with valid legal orders
9.2 Security Assessments
- We undergo regular independent security assessments
- These assessments verify our zero-knowledge implementation
- Results inform continuous improvements to our security architecture
9.3 User Verification
- Our zero-knowledge implementation can be verified by technical users
- We provide documentation of our security architecture
- We are transparent about the limitations of our implementation
10. CHANGES TO THIS STATEMENT
10.1 Statement Updates
- We may update this Zero-Knowledge Statement from time to time
- Material changes will be communicated to users
- The current version will always be available on our website
10.2 Architecture Changes
- Any fundamental changes to our zero-knowledge architecture would be clearly communicated
- We are committed to maintaining our zero-knowledge approach as a core principle of the Service
11. CONCLUSION
Our zero-knowledge encryption architecture represents our commitment to providing the highest level of privacy and security for your data. By technically removing our ability to access your data, we protect it not only from external threats but also from internal access, legal compulsion, and other potential privacy risks.
This approach shifts more responsibility to you as the user but provides mathematical guarantees of privacy that policy-based approaches cannot match. We believe this trade-off is worthwhile for users who value true data privacy and security.
12. LIMITATION OF LIABILITY
12.1 Liability Cap. IN NO EVENT SHALL GENIE9’S TOTAL LIABILITY TO YOU FOR ANY CLAIMS RELATED TO THE ZERO-KNOWLEDGE ARCHITECTURE OR ITS IMPLICATIONS EXCEED ONE HUNDRED U.S. DOLLARS ($100.00), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE.
13. CONTACT INFORMATION
For questions about our zero-knowledge encryption implementation, please contact:
Genie9 LTD
3 Shortlands
W68DA, London
United Kingdom
Email: security@genie9.com
END OF ZERO-KNOWLEDGE STATEMENT