Four steps. Every step in your browser.

How it works

Every step happens on your device before a single byte reaches our servers. The RESQD API is zero-knowledge by architecture — not by promise.

01

Sign up with a passkey

Your fingerprint, Face ID, or Windows Hello creates a cryptographic identity bound to this device. Your vault key is derived from it via the WebAuthn PRF extension and never leaves the browser.

02

Drop a file

The browser generates a fresh per-file key, encrypts your file with XChaCha20-Poly1305, seals that key under your master key, and Reed-Solomon codes the ciphertext into 6 shards.

03

Six clouds, one vault

Each shard goes directly to a different storage backend via a presigned URL — RESQD's API never touches the bytes. No single cloud, or subpoena, can reconstruct your data. Any 4 of 6 shards is enough to recover.

04

Anchored on-chain

Every access rotates a canary commitment and writes it to Base L2. You can verify the read history cryptographically, forever, for less than a penny per access. If anyone — including us — reads a file without your knowledge, the on-chain sequence proves it.

For the specific cryptographic primitives and trust boundaries, read the Security Model.

Create your vault — free