FAQ GitHub
< back to Capsule

Encryption

Capsule's security model is designed so that the server never needs to be trusted. Encryption happens on your device before upload. The server receives only ciphertext. Your key and your plaintext never reach it.

Client-side encryption

Zero-knowledge encryption model

Encryption runs entirely on your device before anything leaves it. Whether you use the Encrypt checkbox in the web UI, the CLI's upload-encrypted subcommand, or the Android app, the process completes locally. The server receives only the resulting ciphertext plus an encrypted=true query parameter. Your key and your plaintext never touch the server.

The encryption standard

Capsule uses the age v1 binary format with a scrypt passphrase recipient. The cipher is ChaCha20-Poly1305 (authenticated encryption). The key is derived with scrypt from a 12-word English BIP39 mnemonic generated from 128 bits of entropy. The mnemonic is generated locally on your device and never transmitted.

Works across all clients

A file encrypted on the web can be decrypted by the CLI, and vice versa. The web UI (age-encryption + @scure/bip39), CLI (age crate + bip39 crate), and Android app all produce compatible age v1 ciphertext with no proprietary format. If you lose access to one client, any other can still decrypt.

What the server sees

What the server stores

The server stores the encrypted file bytes at a temporary path and a boolean flag IsEncrypted. On download, it returns an X-Encrypted: true response header so clients know whether to prompt for a mnemonic. That is all. No key material, no metadata about the original file beyond its name and size.

Transport & infrastructure

Transport security

All connections go through Cloudflare Tunnels. TLS is terminated at Cloudflare's edge. Cloudflare also enforces the 100 MB file size limit at the edge before traffic reaches the origin server.

Automatic deletion

Files are stored in a temporary directory and deleted by the server's cleanup routine after 60 minutes. There are no backups of uploaded files. Once the expiry window passes, the file cannot be recovered, even with the mnemonic.

Transparency

Open source server

The Capsule server is published under the AGPL-3.0 license on GitHub ↗. You can read every line of code that handles your upload, run your own instance, or propose changes.

No accounts, no breach surface

Capsule has no user accounts and collects no personal information. There is no database of credentials, no email list, and no login system. There is nothing to steal.

Privacy-friendly analytics

The web interface uses Plausible Analytics ↗ for aggregate visit counts. No cookies, no personal identifiers, no cross-site tracking.

Contact

Report a vulnerability

If you find a security issue, please open an issue on GitHub ↗ or contact Sean directly via byseansingh.com ↗.