
Transparency Report

Last updated: April 28, 2026

What We Can't Do

These properties are enforced by the design of the system, not by policy. They hold regardless of any legal order, internal decision, or compromise of our infrastructure.

  • We never see your data. File contents are encrypted client-side before leaving your device. Plaintext never reaches our infrastructure.
  • We never hold your keys. Encryption keys are derived client-side and are never transmitted to or stored by us.
  • Your data never passes through us. Encrypted data flows directly between the client SDK and Sia storage hosts. Our infrastructure is not in the data path.
  • We can't read your metadata. Object metadata is encrypted client-side before being pinned to the indexer. We store it, but it's opaque to us.
  • We can't tamper with your metadata. Object metadata is signed client-side with a key derived from your secret. Any modification causes a verification failure when the client SDK retrieves the object.
  • Everything is open source. The client SDKs, the indexer, and the full storage stack are publicly auditable.

What We Hold

In the interest of transparency, this is the complete list of user data our infrastructure stores or has access to:

  • Account information — email address, payment and billing details
  • Encrypted object metadata — opaque to us, client-signed, tamper-evident
  • Object sizes

We do not hold file contents, plaintext metadata, encryption keys, API access logs, or IP address logs.

Some Things We've Never Done

The following statements are true as of the date listed above. If a statement is removed in a future update, it should be interpreted as no longer being true. This page is updated on a quarterly cadence; if the page is not updated within 90 days of the last update date, it should be treated as potentially stale.

We have never:

  • Received a National Security Letter
  • Received a FISA court order or directive
  • Received any government request accompanied by a gag order
  • Been compelled to implement additional logging, data collection, or surveillance capabilities beyond what is described above
  • Provided any user data to a government agency or third party
  • Received a request for real-time monitoring of any user
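The interpretation rule above (a removed statement means it is no longer true; no update within 90 days means potentially stale) can be checked mechanically by anyone monitoring this page. The Python below is an added example, not code published by the service: the names `check_canary`, `BASELINE` and `SAMPLE` are assumptions, the baseline is the statement list as it appears on this page, and the sample page text is constructed.

```python
import re
from datetime import date, datetime

MAX_AGE_DAYS = 90  # staleness window stated on the page

# Baseline: the statements listed under "We have never:" in the tracked snapshot.
BASELINE = [
    "Received a National Security Letter",
    "Received a FISA court order or directive",
    "Received any government request accompanied by a gag order",
    "Been compelled to implement additional logging, data collection, or "
    "surveillance capabilities beyond what is described above",
    "Provided any user data to a government agency or third party",
    "Received a request for real-time monitoring of any user",
]

def _norm(text):
    """Collapse whitespace and case so layout changes do not look like removals."""
    return re.sub(r"\s+", " ", text).strip().lower()

def check_canary(page_text, today, baseline=BASELINE):
    """Return status, page age in days, and baseline statements no longer present."""
    m = re.search(r"Last updated:\s*([A-Za-z]+ \d{1,2}, \d{4})", page_text)
    if not m:
        return {"status": "unparseable", "age_days": None, "missing": list(baseline)}
    updated = datetime.strptime(m.group(1), "%B %d, %Y").date()
    age = (today - updated).days
    # Only text after the "We have never:" marker counts as a current statement.
    _, found, tail = page_text.partition("We have never:")
    body = _norm(tail) if found else ""
    missing = [s for s in baseline if _norm(s) not in body]
    if missing:
        status = "statement_removed"  # a removal outranks staleness
    elif age > MAX_AGE_DAYS:
        status = "stale"
    else:
        status = "ok"
    return {"status": status, "age_days": age, "missing": missing}

# Constructed sample input mirroring the layout of this page.
SAMPLE = ("Last updated: April 28, 2026\n\nWe have never:\n\n"
          + "\n".join("  • " + s for s in BASELINE))

if __name__ == "__main__":
    print(check_canary(SAMPLE, date.today()))
```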