I built DocLet, a zero-knowledge cloud storage system where all encryption happens on the client and the server never receives the encryption key — not even an encrypted form of it. The goal is to give users full control over their data without relying on provider trust.
A few technical differences from existing encrypted providers like Proton Drive:
• Client-side key handling: Proton Drive encrypts files end-to-end, but the server still receives an encrypted version of the user’s key. In DocLet, the encryption key is generated and stays entirely on the user’s device. We never see it, store it, or receive any encrypted copy of it.
• Password reset without data loss: In Proton, forgetting your password means all data is inaccessible unless you saved a recovery code. DocLet keeps encryption keys separate from login credentials, so users can reset their password safely. If a user loses their key, they can create a new key branch and continue using their account, and if they recover the old key later, all their original data becomes accessible again.
• Key branches: DocLet supports multiple encryption “branches” with different keys in the same account — useful for compartmentalization or recovering access later.
Other details:
• Node.js + MongoDB backend
• React Web app
• Flutter mobile app (complete but not public yet)
• Subscription system already implemented
The web app is live: https://doclet.app
I’d love feedback on:
• The cryptographic assumptions
• Key-branch design
• Any security oversights
• UX around key management
• What would make this useful for privacy-first users or teams
Happy to answer all technical questions.
— Hasanur M