Start for free
Pivlu AI Assistant
Suggested questions
Powered by AI. Answers are based on Pivlu product documentation.
Pivlu Vault
Get started today Get started

Encrypted Documents —
sensitive files the server can't read

Tax returns, signed contracts, insurance policies, SSL certificates, passport scans — files you'd never store in Google Drive or Dropbox. Every file is encrypted in your browser before upload. The server stores only opaque ciphertext it cannot read.

Upload Encrypted Files
AES-256
File encryption
Any
File type supported
1MB
Encrypted chunks
0
Metadata exposed

How File Encryption Works

Files never leave your browser in readable form — true zero-knowledge file storage.

Pre-Upload Encryption

When you select a file to upload, the Web Crypto API encrypts it in your browser with AES-256-GCM before any network request is made. The plaintext file is never sent over the wire — only ciphertext reaches the server. Even if you're on a compromised network, the intercepted upload is useless.

Chunked for Large Files

Files are split into 1MB chunks before encryption. Each chunk is encrypted with its own Initialization Vector (IV). Chunking enables reliable upload of large files over unstable connections (each chunk can be re-uploaded independently) and efficient streaming on download.

Zero Metadata Leakage

Even the file name and MIME type are encrypted before upload. The server stores only the encrypted blob and an item ID — it has no knowledge of what kind of file it is, what it contains, or what it's named. A database breach reveals literally nothing about your files.

Client-Side Decryption on Download

When you open or download a file, ciphertext chunks are fetched from the server and decrypted in your browser. The plaintext file exists only in browser memory and is written to your disk only when you explicitly save it. The server never processes the decrypted content.

File Management & Access

Organized with your other vault items — not in a separate interface.

Any File Type

PDF, DOCX, XLSX, JPEG, PNG, ZIP, PEM, PFX, TXT — any file type is accepted. The encryption process is file-format agnostic; the encrypted blob is stored as-is. There are no format restrictions, no conversion, and no processing of your file contents.

Organized in Vaults

Documents live in the same vault structure as passwords and notes. Store a certificate in the same folder as the server credentials it belongs to. Keep financial documents in a dedicated vault shared only with your accountant. Context-organized storage.

Team Sharing via Vault Access

Documents in shared vaults are accessible to all vault members. Access is granted at the vault level — no per-file permission management needed. When a team member is removed from a vault, they lose access to all files in it immediately.

What belongs here, not in Google Drive

Legal & Financial Documents

Tax returns, signed contracts, equity agreements, insurance policies, bank statements, and incorporation documents. Files that have real-world consequences if they fall into the wrong hands.

Certificates & Private Keys

SSL/TLS certificates (.pem, .pfx, .crt), SSH private keys (.pem, .ppk), code signing certificates, and CA bundles. The technical secrets that protect your infrastructure and should never be in a shared drive.

Personal Identity Documents

Scanned passports, national ID cards, driver's licenses, and residency documents. Accessible on any device when needed for applications or travel, without carrying physical documents everywhere.

One platform. Built for businesses, teams, and creators.

12 powerful products to build, manage, and grow — all under one roof.

Workspace Commerce Sites Analytics CRM Marketing Booking Forms Desk Consent Vault Studio
Get started for free