Private Archive

An encrypted offsite archive

Confidentiality preserved by construction, not by promise.

Private Archive is a measured, end‑to‑end encrypted backup service designed in a manner that supports the confidentiality of client communications and work product. Files are encrypted on the practitioner's device before they leave it; the operator never holds a key.



Statement of the service

Files are encrypted on the practitioner's device, by means of Restic, an open‑source, well‑reviewed deduplicating backup tool, prior to transit. The encrypted material is then transmitted over the Tor network to the service. The service receives ciphertext only. Where the encrypted material is stored is, by deliberate design, irrelevant to the confidentiality of the materials, as the service holds no decryption capability.

Authentication is performed exclusively through a client‑held X.509 certificate by way of mutual TLS. There is no username, no password, and no recovery procedure. The certificate is the account. Possession of the certificate constitutes the entirety of the access credential, and the operator cannot reproduce, reset, or restore it.

Payment is taken in Monero. The service does not request, retain, or transmit any personally identifying information about the practitioner, the firm, or its clients. This is a privacy posture by architecture, not a contractual undertaking.


Custody and access

  1. Client‑side encryption.

    Encryption occurs on the practitioner's device prior to transmission. The operator receives only ciphertext. No plaintext is transferred, processed, or stored at any point in the service path.

  2. mTLS‑only access.

    Every request to the archive is gated by mutual TLS. The server validates the presented certificate against an enrolled identifier; the client validates the server certificate in turn. Sessions without a valid client certificate are refused at the transport layer, before any application logic runs.

  3. No provider‑held keys.

    Decryption keys are derived from a passphrase chosen by the practitioner and held only on the practitioner's device. The operator does not generate, escrow, back up, or otherwise possess any key material capable of reading the archive. The practitioner remains the sole custodian of the decryption keys.

  4. No recoverable identity.

    The account is identified by the SHA‑256 hash of the client certificate. The operator holds no name, no e‑mail address, no telephone number, no billing address, and no IP address by which a holder may be re‑identified. Loss of the certificate is irreversible; the practitioner remains the sole custodian.
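The two gates described in items 2 and 4, as an added example in Python; this is not Private Archive's own code. Assumed names: `ENROLLED` for the operator's table of enrolled certificate hashes, `server_context()` for the listener's TLS configuration, and a constructed stand-in certificate in place of a real X.509 one.

```python
"""Added example, not the service's own code: the transport-layer mTLS
gate and the certificate-hash account lookup from "Custody and access"."""
import hashlib
import ssl
from base64 import b64encode
from typing import Optional

# Constructed stand-in for a client certificate: arbitrary bytes wrapped as
# PEM so the flow runs offline. A real enrolment hashes the DER form of the
# practitioner's actual X.509 certificate.
CONSTRUCTED_DER = b"constructed-der-bytes-for-example-only"
CONSTRUCTED_CLIENT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + b64encode(CONSTRUCTED_DER).decode() + "\n"
    + "-----END CERTIFICATE-----\n"
)

ENROLLED: set = set()  # assumed name: hashes of enrolled certificates only


def account_id(der_cert: bytes) -> str:
    """The account identifier: SHA-256 over the DER-encoded certificate.
    No name, e-mail or address is involved; the hash is the whole identity."""
    return hashlib.sha256(der_cert).hexdigest()


def enrol(pem_cert: str, enrolled: set) -> str:
    """Record a certificate's hash; the certificate itself need not be kept."""
    fp = account_id(ssl.PEM_cert_to_DER_cert(pem_cert))
    enrolled.add(fp)
    return fp


def authorise(peer_der: Optional[bytes], enrolled: set) -> bool:
    """Application-layer check, reached only after TLS already demanded a
    client certificate (peer_der is what getpeercert(binary_form=True)
    returns). Refuses a missing certificate or an unenrolled hash."""
    if not peer_der:
        return False
    return account_id(peer_der) in enrolled


def server_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Transport-layer gate: CERT_REQUIRED fails the handshake itself when no
    valid client certificate is presented, before any request reaches the
    application. ca_bundle (assumed path) holds the issuing CA; a real
    listener also calls ctx.load_cert_chain() with its own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx
```

Because the lookup key is only a hash, the table reveals nothing about the holder even if it is disclosed, which is the property item 4 relies on.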


What is not collected

The following items are not gathered by the service in the ordinary course of operation:

  • Names of practitioners, firms, clients, or matters.
  • Electronic mail addresses or telephone numbers.
  • Postal or billing addresses.
  • Originating IP addresses (transport occurs over Tor).
  • Device identifiers, browser fingerprints, or telemetry of any kind.
  • File names, directory paths, or any plaintext metadata about the archived material.
  • Analytics, third‑party trackers, or advertising identifiers on this page or in the client.

The clients are open source and built reproducibly. Independent verification of these omissions is therefore available to a sufficiently determined reader.


Pricing

Charges are settled in Monero on a pay‑as‑you‑go basis. A funded balance is consumed per second of storage held; refills are user‑initiated. There is no subscription, minimum commitment, or recurring instrument on file.


Use within your existing retention policy

Retention is governed by the practitioner, not by the service. Private Archive does not impose a minimum retention period, a maximum retention period, or a deletion schedule of its own. The service is compatible with retention policies you control: you may add material, prune material, and expire material on the cadence your firm's policy requires.

Archives remain available for so long as a positive funded balance is maintained against the account. When the balance is exhausted, the archive expires in the ordinary course; this is a function of payment, not of any judgement by the operator concerning the value or sensitivity of the contents. Practitioners wishing to ensure indefinite availability should monitor balance and refill in advance, or migrate the archive elsewhere prior to lapse.

Because the operator cannot read the archive, the operator cannot apply legal holds, content‑based exemptions, or selective preservation on the practitioner's behalf. Any such hold must be implemented by the practitioner, on the device, before encryption.


Download

The client is distributed as a signed, reproducible build for the platforms enumerated below. Verification of the SHA‑256 sums against the published manifest is recommended before installation. The full source archive is also published, so that the encryption implementation may be examined independently.