MapleCloud is built on zero-knowledge architecture. We never have access to your data — mathematically.
All files, emails, calendar events, and vault entries are encrypted on your device using AES-256 and OpenPGP before reaching our servers.
Authentication uses SRP-6a (Secure Remote Password). Your password is never transmitted — only a mathematical proof that you know it.
All data resides on servers in Canada. We are subject to Canadian law and PIPEDA — not the US CLOUD Act or EU jurisdiction.
Our client-side code is open source. You can verify that we are doing what we say. Independent security audits are published on our audit page.
Each user has unique RSA-4096 address keys. Share keys, node keys, and session keys are derived per-item, limiting the blast radius of any compromise.
We publish a transparency report annually and respond to legal requests only as required by Canadian law. See our transparency page.