End-to-End Encryption Architecture & Liability Disclaimer
1. Zero-Knowledge Architecture
Consisto employs a strict Zero-Knowledge architecture for sensitive features (e.g., Personal Journals). This means:
- Data is encrypted locally on your device before it ever reaches our servers.
- We store only ciphertext (the encrypted blob).
- We mathematically cannot decrypt, read, analyze, or recover your data.
2. Cryptographic Implementation
Our client-side encryption uses the industry-standard WebCrypto API. The encryption key is derived locally from your plaintext password using PBKDF2 (Password-Based Key Derivation Function 2) with a high iteration count and a cryptographic salt. The data itself is encrypted using AES-256-GCM (Advanced Encryption Standard with a 256-bit key in Galois/Counter Mode).
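The derive-then-encrypt flow described in this section, as an added example that is not Consisto's own code. The PBKDF2 hash (SHA-256), the iteration count (600,000), the salt and IV sizes, the blob layout and all function names are assumptions; this page does not state them.

```javascript
// Added example: password -> PBKDF2 -> AES-256-GCM with WebCrypto.
// Assumed, not stated on the page: SHA-256, 600,000 iterations,
// 16-byte salt, 12-byte IV, blob layout salt || iv || ciphertext+tag.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 600000, SALT_LEN = 16, IV_LEN = 12;

async function deriveKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return webCrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material,
    { name: "AES-GCM", length: 256 },
    false, // non-extractable: page script cannot export the raw key bytes
    ["encrypt", "decrypt"]);
}

// Returns the only thing the server would ever receive: an opaque blob.
async function encryptEntry(password, plaintext) {
  // Fresh salt and IV per entry; an IV must never repeat under one key.
  const salt = webCrypto.getRandomValues(new Uint8Array(SALT_LEN));
  const iv = webCrypto.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext)));
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0);
  blob.set(iv, SALT_LEN);
  blob.set(ct, SALT_LEN + IV_LEN);
  return blob;
}

// Returns the plaintext, or null when GCM authentication fails
// (wrong password, or the stored blob was modified).
async function decryptEntry(password, blob) {
  const salt = blob.slice(0, SALT_LEN);
  const iv = blob.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(password, salt);
  try {
    const pt = await webCrypto.subtle.decrypt(
      { name: "AES-GCM", iv }, key, blob.slice(SALT_LEN + IV_LEN));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

Salt and IV are stored in the clear alongside the ciphertext; neither is secret, and without the password the key cannot be re-derived from them.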
3. Limitation of Liability for Data Loss
By utilizing the E2EE features of Consisto, you acknowledge and agree that:
- You are solely responsible for remembering your password and/or maintaining secure backups of any provided recovery keys.
- Consisto cannot perform password resets that preserve access to your E2EE data. While we can reset your account access, doing so will permanently orphan any previously encrypted data, rendering it unrecoverable.
- Consisto is fully indemnified and held harmless against any claims, damages, or losses resulting from your inability to access E2EE data due to lost, forgotten, or compromised passwords/keys.
4. Law Enforcement and Subpoenas
Because we do not possess the keys to decrypt your E2EE data, we cannot produce plaintext versions of this data in response to subpoenas, court orders, or law enforcement requests. If legally compelled, we can only provide the encrypted ciphertext blobs and associated unencrypted metadata (e.g., account creation date, login timestamps, billing information).