Encryption, explained
What's encrypted in transit, at rest, and sealed, and why it isn't end-to-end.
3 min read · Updated June 28, 2026
Here's exactly what encryption does, and doesn't do, in Stoatify, in plain terms.
In transit
All traffic between your devices and Stoatify is served over HTTPS (TLS), so nothing travels the network in the clear.
At rest
Your file bytes sit in object storage and your metadata in a database, both encrypted at rest by the underlying storage provider.
Sealed secrets
Some especially sensitive values are additionally sealed with authenticated encryption before they're stored, including the password for a connected mail account and the private key used to sign documents.
Not end-to-end
Stoatify is not end-to-end or zero-knowledge encrypted, and it doesn't pretend to be. The server reads your documents to extract their text, render previews, and power search and suggestions. What protects them is strict access control: only you, and the people you share with, can reach them. See How Stoatify protects your data.
Good to know
Being straight about this matters more than a buzzword: the guarantee is that nobody, inside or outside your org, can see a document they haven't been granted, not that the server is blind to its own storage.