Security & privacy

Encryption, explained

What's encrypted in transit, at rest, and sealed, and why it isn't end-to-end.

3 min read · Updated June 28, 2026


Here's exactly what encryption does, and doesn't do, in Stoatify, in plain terms.

In transit

All traffic between your devices and Stoatify is served over HTTPS (TLS), so nothing travels the network in the clear.

At rest

Your file bytes sit in object storage and your metadata in a database, both encrypted at rest by the underlying storage provider.

Sealed secrets

Some especially sensitive values are additionally sealed with authenticated encryption before they're stored, including the password for a connected mail account and the private key used to sign documents.

Not end-to-end

Stoatify is not end-to-end or zero-knowledge encrypted, and it doesn't pretend to be. The server reads your documents to extract their text, render previews, and power search and suggestions. What protects them is strict access control: only you, and the people you share with, can reach them. See How Stoatify protects your data.

Good to know

Being straight about this matters more than a buzzword: the guarantee is that nobody, inside or outside your org, can see a document they haven't been granted, not that the server is blind to its own storage.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app