LAST UPDATED: July 5, 2026 • JURISDICTION: INDIA

End-to-End Encryption Architecture & Liability Disclaimer

CRITICAL WARNING: For End-to-End Encrypted (E2EE) data, your encryption key is derived from your account password and cannot be reconstructed without it. Consisto never receives, stores, or possesses your plaintext password or encryption keys. IF YOU LOSE YOUR PASSWORD AND HAVE NO BACKUP KEYS, YOUR ENCRYPTED DATA IS PERMANENTLY LOST.

1. Zero-Knowledge Architecture

Consisto employs a strict Zero-Knowledge architecture for sensitive features (e.g., Personal Journals). This means:

  • Data is encrypted locally on your device before it ever reaches our servers.
  • We store only ciphertext (the encrypted blob).
  • We mathematically cannot decrypt, read, analyze, or recover your data.

2. Cryptographic Implementation

Our client-side encryption uses the standard WebCrypto API. The encryption key is derived locally from your plaintext password using PBKDF2 (Password-Based Key Derivation Function 2) with a high iteration count and a cryptographic salt; the password itself is never transmitted to our servers. The data is then encrypted with AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode), an authenticated mode that also detects any modification of the ciphertext at decryption time.

3. Limitation of Liability for Data Loss

By utilizing the E2EE features of Consisto, you acknowledge and agree that:

  • You are solely responsible for remembering your password and/or maintaining secure backups of any provided recovery keys.
  • Consisto cannot perform password resets that preserve access to your E2EE data. While we can reset your account access, doing so will permanently orphan any previously encrypted data, rendering it unrecoverable.
  • Consisto is fully indemnified and held harmless against any claims, damages, or losses resulting from your inability to access E2EE data due to lost, forgotten, or compromised passwords/keys.

4. Law Enforcement and Subpoenas

Because we do not possess the keys to decrypt your E2EE data, we cannot produce plaintext versions of this data in response to subpoenas, court orders, or law enforcement requests. If legally compelled, we can only provide the encrypted ciphertext blobs and associated unencrypted metadata (e.g., account creation date, login timestamps, billing information).