Privacy & Encryption

Security by design & zero-knowledge sync

We built Choco Sync with a simple rule: No compromise with security and privacy. Here is exactly how we protect your sessions.

Core Principle

Zero-Knowledge Architecture

Choco Sync is built on a Zero-Knowledge model, ensuring your encryption keys never leave your device. Each platform operates with its own unique key, making it mathematically impossible for anyone including us to access your information without your specific platform key.

AES-256-GCM

The general standard of encryption. Financial-grade security that is robust, high-performance, and mathematically unbreakable.

End-to-End Secure

Your data travels through a secure tunnel. It is encrypted locally on your device before sync, ensuring only authorized devices can read it.

Role-Based Access

Granular control separates Owners (Full Access) from Members (Read-Only). Your credentials remain protected within their specific security boundaries.

Your Platform Key

01
01

Per-Platform Keys

Keys are generated specifically for each platform. This ensures complete isolation - compromising one platform never exposes another.

02
02

Local Verification

Unlocking your data on new devices happens strictly on your machine. We provide the encrypted data; you provide the key to open it.

03
03

Zero Backdoors

Key recovery is technically impossible for us. This ensures that your data remains yours even if our infrastructure is compromised.

Recovery & Resets

Platform Specific

Key Retrieval & Deletion

Lost your Platform Key? You can retrieve it using your Account Password (if you have backed it up). Resetting a key immediately deletes all synced data for that specific platform.

Only affects the specific platform. Other platforms remain safe.

Standard Update

Safe Password Change

Changing your password by providing your current password is completely safe. We simply re-encrypt your key backups with your new credentials, preserving all your access.

Zero data loss. Your keys are seamlessly migrated.

Emergency Recovery

Forced Reset

Resetting via Google Auth without your old password breaks the encryption chain. Since we cannot decrypt your old backups, all credential associations are permanently removed.

Critical event: All synced data across all platforms is lost.

Pure Security No Backdoors No Exceptions
Last Updated: January 21, 2026