Softmask LogoSoftmask

End-to-End Encryption

Your data, encrypted on your device, only accessible by you.

What is End-to-End Encryption?

End-to-End Encryption (E2EE) is a security system where only the communicating users can read the messages or access the data. In Softmask's implementation, your files are encrypted before they leave your device and can only be decrypted with your personal encryption key, which is never sent to our servers.

This means that even we, as the service provider, cannot access your files' contents. Only you hold the keys to your data.

Maximum Privacy

Your files remain private even if our servers are compromised

Full Control

You decide who can access your encrypted files

GDPR Compliant

Meets the highest European privacy standards

Frequently Asked Questions

Common questions about our end-to-end encryption implementation.

What happens if I forget my encryption password?

If you forget your encryption password, you can use your recovery key to regain access to your files. This is why it's crucial to save your recovery key in a secure location when you first set up encryption.

Without either your password or recovery key, your encrypted files cannot be accessed—even by our technical team. This is a fundamental aspect of true end-to-end encryption that ensures your privacy.

Can I share encrypted files with others?

Yes, you can share encrypted files with others through Softmask's sharing features. When you share a file, the recipient will receive access to the encrypted file. Note that anyone with the link will be able to view the file, unless you add password protection to that specific share.

Is there a performance impact when using E2EE?

End-to-end encryption does add a small processing overhead when uploading and downloading files, as encryption and decryption happen on your device. However, we've optimized our implementation to minimize this impact. For most files and modern devices, you likely won't notice any significant delay.

What encryption standards do you use?

Softmask uses AES-256 encryption in GCM mode for file encryption, which is the same standard used by banks and government agencies for securing sensitive data. For key derivation from passwords, we use PBKDF2 with a high number of iterations to protect against brute force attacks.

Ready to Take Control of Your Privacy?

Join thousands of privacy-conscious users who trust Softmask with their important files.

No credit card required • 5GB free • End-to-end encryption included

Explore Related Features

Discover other Softmask features that complement our end-to-end encryption.

File Sharing

Securely share files with anyone, with optional password protection.

Cloud Protection

EU-based servers with advanced security to safeguard your data.

Privacy

An extra layer of privacy to your shared files and folders.

How Our E2EE Works

Understanding the technical process can help you appreciate the security Softmask provides.

1. Master Key Generation

When you first set up encryption, Softmask generates a unique master encryption key on your device using AES-256, the gold standard in encryption technology. This master key is what protects all your files.

2. Password Protection

Your master key is protected by your encryption password. The password itself is never stored; instead, we use a technique called key derivation (PBKDF2) to create a key from your password that can encrypt and decrypt your master key.

Important: Your encryption password is separate from your account password and is never sent to our servers.

3. File Encryption Process

When you upload a file, Softmask:

  1. Generates a unique key for that specific file
  2. Encrypts the file using its unique key
  3. Encrypts that file's key with your master key
  4. Stores only the encrypted data and encrypted file key

This multi-layered approach ensures maximum security while still allowing for efficient file management.

4. Decryption Process

When you access a file:

  1. Your master key is unlocked using your password
  2. The file's unique key is decrypted using your master key
  3. The file itself is decrypted using its unique key
  4. The decrypted file is available only on your device

The entire decryption process happens locally on your device—your files are never decrypted on our servers.

How to Use Our E2EE

Softmask makes encryption easy to use with a simple setup process.

Initial Setup

1

Create an Encryption Password

When you first upload a file, you'll be prompted to set up encryption by creating a strong password. This password should be different from your account password and kept secure.

2

Save Your Recovery Key

You'll receive a recovery key that can be used if you forget your password. Download and store this key in a secure location—it's your backup access method.

3

Unlock When Needed

Enter your encryption password whenever you start a new session to unlock your files. For security, this encryption is locked after you log out or close your browser.

Uploading Files

When you upload a file with encryption enabled:

  1. Ensure encryption is unlocked first
  2. Select files to upload as normal
  3. Files are automatically encrypted before upload
  4. The upload progress will show encryption status
No configuration needed after initial setup!

Accessing Files

To view or download your encrypted files:

  1. Enter your encryption password to unlock
  2. Browse your files as normal
  3. Download or preview files
  4. Files are decrypted on your device only
You'll need to unlock encryption after each session.

Why You Can't Instantly Access Files in a New Browser

Unlike regular cloud storage, with E2EE your encryption keys are stored locally in your browser, not on our servers. This provides maximum security but means:

  • Your master key is only stored in the browser where you set up encryption
  • When you use a new browser or device, it doesn't have access to your master key
  • This is actually a security feature, preventing unauthorized access from different devices

Security vs. Convenience

This approach prioritizes security over convenience. We could store your master key on our servers, but that would defeat the purpose of end-to-end encryption and reduce your privacy protection.

How to Access Your Files in a New Browser

Despite this limitation, we've made it easy to access your files from a new browser or device with these options:

Export/Import Master Key

From your original browser where encryption is set up:

  1. Go to Encryption Settings
  2. Select "Export Encryption Key"
  3. Enter your encryption password
  4. Save the exported file securely

Then in your new browser:

  1. Click "Import encryption key" during setup
  2. Upload the exported file
  3. Enter your encryption password
This method preserves your original master key across devices.

Why End-to-End Encryption Matters

In today's digital world, protecting your privacy has never been more important.

Protection from Surveillance

Cloud providers without E2EE can access, scan, and analyze your files for various purposes, including targeted advertising or compliance with overly broad government requests.

With Softmask, your data is protected from both corporate and government surveillance.

Data Breach Protection

Even if our servers were compromised, your files would remain encrypted and inaccessible without your personal encryption key, which is never stored on our servers.

Your data remains protected even in the unlikely event of a server breach.

GDPR Compliance

Our E2EE approach helps us maintain the highest standards of GDPR compliance by minimizing the personal data we process and ensuring data protection by design.

As an EU-based service, we take European privacy standards seriously.

Sensitive Document Protection

For financial records, legal documents, personal photos, or business secrets, E2EE provides the level of protection these sensitive materials deserve.

Some data is too important to trust to standard cloud storage solutions.

Balancing Security and Usability

We've designed our E2EE system to be both highly secure and user-friendly. While it requires a few extra steps compared to standard cloud storage, these steps ensure your data remains truly private and under your control.

Our Commitment

At Softmask, we believe privacy is a fundamental right. Our end-to-end encryption is not an afterthought or premium feature—it's built into the core of our service, ensuring your digital life remains private by default.

Compatibility & Limitations

Understanding what works with end-to-end encryption and what doesn't.

Supported Features

File Storage & Organization

All files and folders can be encrypted

Secure File Sharing

Share with password protection

Multiple Device Access

Using export/import

Cross-Browser Support

Works in all modern browsers

Limitations to Consider

File Preview Restrictions

Some file types can't be previewed directly in the browser without downloading first.

Search Limitations

Since files are encrypted, we cannot search within file contents—only filenames and metadata.

No Password Recovery

Without your recovery key, we cannot restore access if you forget your encryption password.

Browser Requirements

Softmask's encryption features work best with modern browsers (Chrome, Firefox, Safari, Edge) updated to their latest versions. Older browsers may not support our encryption system.

Take Control of Your Privacy Today

Join the thousands of users who have already secured their important files with Softmask's end-to-end encryption.

10 GB Free
No Credit Card
Full E2E Encryption