How We Protect Your Vault

About Help Contact Login Register
No internet connection

How We Protect Your Vault

A plain-language guide to how your vault is secured, backed up, and kept safe at every step β€” from the moment you upload to the moment you download.

How Uploading Works

When you upload a file to your Legati vault, it travels through a secure, encrypted connection (the same kind banks use) to our servers. Once it arrives, we immediately scramble it with your personal encryption key β€” turning it into unreadable data that only you can unlock. The original file is then replaced with the encrypted version.

Your Device
Encrypted Connection
Legati Server
Encrypted File

Your file is encrypted the instant it reaches our server β€” before anything else happens.

Secure Transfer

Your file travels over HTTPS β€” the same encrypted connection used by banks and hospitals. Nobody can intercept or read it in transit.

Instant Encryption

The moment your file arrives, it is encrypted with AES-256 β€” the gold standard used by governments worldwide. The original unencrypted file never touches our disk.

How Encryption Protects Your Files

Think of encryption like putting your file into an unbreakable vault. Your encryption key is the only combination that opens it. Without the key, the file is just random gibberish β€” even to us. We literally cannot read your files.

Your File photo.jpg
+ Your Key
Encrypted a7f3e9...b2.enc

Your personal key + your file = an encrypted file that only you can unlock.

What does AES-256 mean?
AES-256 is the encryption standard used by banks, hospitals, Fortune 500 companies, and governments around the world. The "256" refers to the key size β€” there are more possible keys than atoms in the observable universe. It would take billions of years for even the fastest supercomputers to crack.

Backup & Redundancy

Your encrypted vault is stored in two completely separate locations. If one goes down β€” fire, hardware failure, natural disaster β€” your files are still safe in the other. Think of it like keeping a copy of your house key with a trusted neighbor.

Legati Server
Primary Location Secure Location 1
Backup Secure Location 2

Every encrypted file is automatically copied to two independent secure locations.

Why Two Locations?

If one location has an outage or loses data, your files are still safe at the other. This is called redundancy β€” the same principle used by hospitals and airlines.

Data Stays in Your Region

European users' data stays in Europe. American users' data stays in the U.S. Your files never cross borders β€” we comply with GDPR and all applicable data residency laws.

How Downloading Works

When you download a file from your vault, the process runs in reverse. We fetch the encrypted file from secure storage, unlock it with your key, and send the original file back to you over a secure connection. At no point is your file stored unencrypted on our servers.

Your Vault
Unlock with Key
Encrypted Connection
Your Device

Your encrypted file is fetched, decrypted with your key, and streamed directly to your device.

Your Encryption Key

When you create your account, Legati generates a unique encryption key just for you. This key is the only way to lock and unlock your vault. We show it to you in your profile so you can save it somewhere safe.

Keep Your Key Safe

  • Download your key from your profile and store it somewhere safe (a password manager, a safe, or printed on paper)
  • Keep at least two copies in different locations
  • Never share your key with anyone you don't fully trust
  • Your delegates can access your files β€” but only if they have the key

If you lose your key, we cannot help.
Legati does not store your encryption key and cannot recover it. If your key is lost, your vault is permanently locked. This is by design β€” it means even we cannot access your data.

Frequently Asked Questions

Can Legati employees see my files?

No. Your files are encrypted with your personal key before they are stored. Without your key, they are just random data. We have zero access to your file contents.

What happens if Legati's servers go down?

Your files are backed up to two separate secure locations. Even if our main server goes offline, your encrypted files are safe and will be available when service is restored.

What happens if one of the backup locations has an outage?

We automatically fall back to the second provider. If one is unavailable, we pull from the other. You won't even notice.

Is my data encrypted while it travels over the internet?

Yes, twice. The connection itself is encrypted with TLS (the padlock icon in your browser). On top of that, your files are already encrypted with AES-256 before they leave our server.

What happens when I delete my account?

All your personal data, files, and records are permanently erased from our servers and both backup locations. Nothing is kept. This cannot be undone.

← Back to Help & Support