Client-side encryption (AES-256-GCM). Server stores ciphertext only. Key stays in URL fragment (#k=...) so it’s never sent to the server.
What makes this different: the server never receives your decryption key. It stores only encrypted chunks.
Integrity: every chunk is authenticated (AES-GCM). A ciphertext receipt (SHA-256) is generated at finalize.
Operational control: time-limited transfers with optional burn. Ideal for contractor vetting and controlled disclosure.
Labels like “RESTRICTED / CLASSIFIED” are UI posture indicators. Real classification handling depends on your governance process.