What "Encrypted" Really Means
Many services claim encryption, but not all encryption is equal. Learn the difference between marketing speak and actual privacy protection.
Types of encryption
No encryption
Protection level: None. Files stored and transferred in plain text. Anyone with server access can read them.
Examples: Some legacy systems
TLS (in-transit only)
Protection level: Basic. Files encrypted during transfer, but stored unencrypted on servers. The service can access your files.
Examples: Most cloud storage, email
At-rest encryption
Protection level: Moderate. Files encrypted on servers, but the service holds the keys. They can still access your files if needed.
Examples: Google Drive, Dropbox, OneDrive
End-to-end encryption (E2E)
Protection level: Maximum. Files encrypted on your device before upload. Only you and recipients with the key can decrypt. The service cannot access your files.
Examples: Stash, Signal (messages)
How end-to-end encryption works
Encrypt locally
Your file is encrypted on your device with a unique key before uploading
Store encrypted
Only encrypted data is uploaded and stored—the service never sees your file
Decrypt on download
Recipients use the key (in the link) to decrypt the file on their device
Why E2E encryption matters
Data breaches happen
Even major companies get hacked. If your files are encrypted end-to-end, a breach exposes only unreadable encrypted data—not your actual files.
Insider access is real
Without E2E encryption, employees or contractors at the service provider could potentially access your files. With E2E, even insiders cannot decrypt your data.
Legal requests
Governments can compel companies to hand over user data. If files are end-to-end encrypted, the company literally cannot comply because they do not have the decryption keys.
Future-proofing
Today's secure storage might be compromised tomorrow. End-to-end encryption means your files remain protected regardless of what happens to the service.
How Stash protects your files
- AES-256-GCM encryption: military-grade encryption performed on your device
- Key in your link: the decryption key is embedded in the URL fragment, never sent to our servers
- Zero knowledge: we cannot see your files, even if compelled by law
- Browser-based decryption: recipients decrypt in their browser, no app needed
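The flow described in "How end-to-end encryption works" and in the list above, as an added example using the standard WebCrypto API. It is not Stash's own code: the link `https://files.example/f/abc123`, the function names, the base64url key encoding and the `iv || ciphertext` upload layout are all assumptions made for illustration.

```javascript
// Added example. WebCrypto is global in browsers and Node 19+; older Node needs the require.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;

// base64url helpers for the 32-byte key (short input only, not whole files).
const toB64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// Sender: encrypt on the device, return the bytes to upload and the share link.
async function encryptForUpload(plaintext, baseUrl) {
  const key = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per file
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext));
  const upload = new Uint8Array(iv.length + ct.length); // assumed layout: iv || ciphertext+tag
  upload.set(iv);
  upload.set(ct, iv.length);
  const rawKey = new Uint8Array(await wc.subtle.exportKey("raw", key));
  return { upload, link: `${baseUrl}#${toB64u(rawKey)}` };
}

// What an HTTP request for the link carries: the fragment is stripped by the client.
function serverVisibleUrl(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}

// Recipient: read the key from the fragment and decrypt locally.
// AES-GCM authenticates the data, so a wrong key or an altered blob is rejected.
async function decryptFromLink(link, upload) {
  const rawKey = fromB64u(new URL(link).hash.slice(1));
  const key = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["decrypt"]);
  const iv = upload.slice(0, 12);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, upload.slice(12));
  return new Uint8Array(pt);
}
```

The fragment stays out of the HTTP request, but script running on the page can read `location.hash`, so the guarantee also depends on the integrity of the JavaScript the service delivers.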
Frequently asked questions
What is end-to-end encryption?
End-to-end encryption (E2E) means your files are encrypted on your device before being uploaded anywhere. Only someone with the decryption key can decrypt them. The service provider never has access to your unencrypted files.
Is Google Drive end-to-end encrypted?
No. Google Drive uses encryption in transit and at rest, but Google holds the encryption keys. This means Google can technically access your files, and they could be exposed in a data breach.
Does E2E encryption affect file quality?
No. End-to-end encryption does not compress or modify your files in any way. It simply scrambles the data so only authorized recipients can read it. Your files remain exactly as you uploaded them.