> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/drive-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/drive-support/security-model/create-a-new-vault-1.md).

# What the server can see

Honesty about the boundary matters. Here's exactly what Oten Cloud does and does not have.

### What the server stores <a href="#what-the-server-stores" id="what-the-server-stores"></a>

* **Opaque encrypted blobs** — your file contents, as ciphertext it cannot read.
* **Minimal bookkeeping** — identifiers, version counters, and timestamps needed to sync and resolve conflicts.
* **Account and sharing routing** — enough to deliver a share to a recipient and enforce its expiration.

### What the server never has <a href="#what-the-server-never-has" id="what-the-server-never-has"></a>

* **No plaintext** — not file contents, not file names, not folder structure, not vault names.
* **No keys** — no user seed, no vault seed, no layer or file keys. Ephemeral keys are never stored anywhere, on device or server.
* **No passwords or PINs** — these are verified locally and never transmitted.
* **No layer count** — the server **cannot tell how many Shadow Layers a vault has**, or whether a vault has more than one.

### What metadata can imply <a href="#what-metadata-can-imply" id="what-metadata-can-imply"></a>

Zero-knowledge is not zero-metadata. The server can observe operational facts such as *that* an account is active, *when* it syncs, and the *approximate size* and *number* of encrypted blobs. It cannot read them, but the existence and timing of activity is visible.

### Why this is the point <a href="#why-this-is-the-point" id="why-this-is-the-point"></a>

Because there is no plaintext and no key on the server, there is nothing meaningful to hand over — to an attacker who breaches the cloud, an insider, or a legal order. The system is designed so that "trust us" isn't required: the server *couldn't* read your files even if it wanted to.

> See also: [How your data is protected](/drive-support/shadow-layers/how-shadow-layers-work.md) · [What Shadow Layers do not protect against](/drive-support/security-model/create-a-new-vault-2.md)
