Regulatory Mandate

Legal & Protections

Stealth Relay is legally and architecturally bound to protect user identities. Below is the definitive summary of your protections and guarantees.

Privacy Mandate (Data Minimization)

Our default data posture is 'collect nothing'. We do not monitor incoming email bodies (except for a temporary, on-the-fly scan for links in order to strip trackers), nor do we store plaintext metadata. Once an alias email is destroyed, all related relational indexes are completely erased.

  • Zero IP telemetry collection on Vault operations
  • No storage of unencrypted payload buffers
  • All logs expire automatically after 48 hours

Terms of Immunity (Acceptable Usage)

Users retain 100% legal liability for encrypted data stored in their private silo. Stealth Relay does not actively inspect, filter, or moderate Zero-Knowledge files. However, automated server network abuse or denial-of-service activities will result in immediate IP-level boundary revocation.

  • Silo keys strictly held by local browser state
  • Automated systems prevent outgoing network spam
  • Illegal network penetration operations prohibited

GDPR & International Secrecy Consistency

Every human has a fundamental right to control their data. We extend full GDPR-level deletion controls to every inhabitant of Earth, regardless of their national geography. Deletion requests require 1 click inside the control console.

  • Full GDPR Article 17 consistency globally
  • Single-step master key and bucket purges
  • Zero selling of behavioral navigation analytics

Infrastructure Compliance & Trust

Stealth Relay runs on Cloudflare's serverless edge infrastructure (Workers, R2, D1) and processes billing natively through Stripe. We inherit a world-class spectrum of independent compliance audits out-of-the-box, ensuring complete physical, operational, and database security parity.

SOC 2 / SOC 3

Security & Availability Audited

Inherited SOC 2 Type II and SOC 3 compliance reports. Physical data centers and operational networks meet rigorous independent audit controls.

ISO/IEC 27001

Global Security Parity Standards

System endpoints inherit ISO/IEC 27001 (Information Security Management) and ISO 27018 (PII protection in public clouds) infrastructure credentials.

GDPR & CCPA Compliant

Built-in Data Minimization

Fully optimized for EU/UK GDPR and CCPA alignment. All network transit is routed using Cloudflare's high-privacy edge protocols with global deletion options.

PCI DSS Level 1

Zero In-House Credit Card Handling

Operatives are billed securely. All payment information flows directly to Stripe's Level 1 PCI DSS tokenization gateway. We store zero raw transaction records.

HIPAA Alignment

Non-Custodial PHI Security

No Protected Health Information (PHI) is readable by our servers. Because files are encrypted locally in browser RAM before upload, the system is natively compliant.

ITAR / EAR Ready

Decentralized Key Isolation

Export-controlled data is isolated strictly using local device-level PBKDF2/AES key envelopes, ensuring unencrypted payloads never traverse the network.

Data Processors: Cloudflare Inc. & Stripe Inc.

Cloudflare Trust Hub

Current Warrant Canary

-- START MANDATORY CANARY UPDATE --

TIMESTAMP: May 25, 2026

STATUS: CLEAR

Stealth Relay operates under strict Zero-Knowledge architectures. As of today:

1. Stealth Relay has received NO national security letters.

2. Stealth Relay has received NO gag orders or secret court warrants.

3. No administrative decryption backdoors have been implemented.

-- END CANARY SIGNATURE --

Due to our mathematical Zero-Knowledge design, even in the event of physical hardware seizure, third parties cannot access files because the underlying cipher keys reside strictly on your own terminal.

Status: Immune