Security & privacy

Built so there's nothing in the middle to compromise.

Most file-sharing security is about protecting a server. Privatta has none — so the security model is about the connection itself: who's really on the other end, and proving it before a single byte moves.

0
Servers in the data path
3
Independent checks per connection
X25519
Key exchange, ChaCha20-Poly1305 AEAD
Permanent
Ban on a failed P2P handshake
01At the door

Three checks before anything opens.

Over the internet, getting to a file means passing all three checks at once. Miss any one and the connection is sealed shut, automatically, with no second try.

1

A password they know

The right username and password, just like signing in anywhere.

2

The exact device you trust

Privatta also checks the computer itself. Each machine has its own unique fingerprint, and only the ones you approve get in. A stolen password from a strange laptop is useless.

3

Permission for that file

Even then, the person only sees the specific files you shared with them. Everything else stays invisible.

123OPEN

All three checks pass

The full model

Five protections working together.

Noise Protocol transport

X25519 ephemeral key exchange and ChaCha20-Poly1305 authenticated encryption secure every byte in transit, with forward secrecy per session.

Cryptographic machine identity

Each machine has a persistent Ed25519 keypair (Peer ID over the internet) or is checked by MAC address on the LAN — not just a password.

Automatic ban on failure

A failed P2P handshake permanently bans that peer for the session. There is no second attempt to brute-force.

Trusted network ranges

Pre-authorise VPN address ranges (Tailscale, ZeroTier, RFC 1918 private ranges) so remote teammates connect without weakening the model.

Hashed credentials

Account passwords are stored only as scrypt hashes — never in plaintext, and never written to the access log.

Local, tamper-evident audit log

Every attempt — allowed or denied — is recorded locally with user, machine identity, IP, file and outcome. Nothing is sent to us.

02The record

Every knock at the door is written down.

Privatta keeps its own private log of every attempt to reach your files: who, from which device, which file, and whether it was allowed. Passwords never appear in it. And when an unknown device tries its luck, the door seals on the first wrong move.

access.log
192.168.1.24 alice merger_terms.pdfallowed
192.168.1.31 bob payroll.xlsxno permission
10.0.0.9 (unknown device)sealed · banned
192.168.1.24 alice site_photos.zipallowed

Bring this to your security review.

The full protocol detail — handshake sequence, identity model, NAT traversal — is documented for procurement and IT architecture teams.

Talk to the team that actually builds the software.

Pilot deployments, volume licensing, product demos, security questionnaires — all handled by engineers and product leads, not a routing layer. We respond within one business day.

Schedule a discovery call
Half-hour walkthrough with someone who built the product — no sales script.
Run a pilot deployment
Full-feature evaluation with guided install, configured for your environment.
Email us directly
sales@royalsoftworks.com — we respond within one business day.

Send us a message

Leave your details and we'll follow up within one business day.