Welcome to the Security and Privacy FAQ for Srarna Photos. This document provides detailed information about our security practices, privacy measures, and how we protect your data. We are committed to maintaining the highest standards of data protection and transparency.
Data Encryption and Storage
Can Srarna see my photos and videos?
No. Your files are encrypted on your device before being uploaded to our servers. The encryption keys are derived from your password using advanced key derivation functions. Since only you know your password, only you can decrypt your files. For technical details, please see our architecture document.
How is my data encrypted?
We use the following encryption algorithms:
- Encryption: XChaCha20 and XSalsa20
- Authentication: Poly1305 message authentication code (MAC)
- Key derivation: Argon2id with high memory and computation parameters
These algorithms are implemented using libsodium, an externally audited cryptographic library. Our architecture document provides full technical specifications.
Where is my data stored?
We use a combination of object storage and distributed databases to ensure high availability and durability. Our reliability document provides in-depth information about our storage infrastructure and data replication strategies.
How does Srarna's encryption compare to industry standards?
Our encryption model exceeds industry standards. While many services use server-side encryption, we implement end-to-end encryption. This means that even in the unlikely event of a server breach, your data remains protected.
Account Security
What happens if I forget my password?
You can reset your password using your recovery key. This key is a randomly generated string provided to you during account creation. Store it securely, as it's your lifeline if you forget your password. If you lose both your password and recovery key, we cannot recover your account or data due to our zero-knowledge architecture.
Can I change my password?
Yes, you can change your password at any time from our apps. Our architecture allows password changes without re-encrypting your entire library. The privacy of your account is a function of the strength of your password, so please choose a strong one.
Do you support two-factor authentication (2FA)?
Yes, we recommend enabling 2FA for an additional layer of security. We support:
- Time-based One-Time Passwords (TOTP)
- WebAuthn/FIDO2 for hardware security keys
You can set up 2FA in the settings of our mobile or desktop apps.
Sharing and Collaboration
How does sharing work?
The information required to decrypt an album is encrypted with the recipient's public key so that only they can decrypt it. You can read more about this here.
In the case of shareable links, the key to decrypt the album is appended by the client as a fragment to the URL, and is never sent to our servers.
Please note that only users on the paid plan are allowed to share albums. The receiver just needs a free Srarna account.
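The shareable-link behaviour described above, as an added example that is not Srarna's own code: it shows that a key carried in the URL fragment is absent from the HTTP request target while the recipient can still decrypt locally. The host name, the `t` parameter and the function names are hypothetical, and Node's built-in chacha20-poly1305 stands in for the libsodium ciphers named on this page.

```javascript
// Added example, not Srarna's code. Cipher is a stand-in: Node's built-in
// chacha20-poly1305 instead of the XChaCha20/XSalsa20 (libsodium) the page names.
const nodeCrypto = require('node:crypto');

const SHARE_BASE = 'https://albums.example.test/'; // hypothetical host

// Owner side: encrypt album data under a fresh random album key.
function sealAlbum(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { key, blob: Buffer.concat([nonce, body, c.getAuthTag()]) };
}

// Owner side: the key goes after '#', so it is part of the link but not of any request.
function buildShareLink(albumId, key) {
  const url = new URL(SHARE_BASE);
  url.searchParams.set('t', albumId); // hypothetical parameter name
  url.hash = key.toString('base64url');
  return url.href;
}

// What an HTTP client sends as the request target: path and query, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Recipient side: read the key from the fragment locally, then decrypt the fetched blob.
function openAlbum(link, blob) {
  const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  if (key.length !== 32) throw new Error('share link has no usable key fragment');
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(blob.length - 16);
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag); // final() throws if the key or ciphertext is wrong
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]).toString('utf8');
}

// Constructed sample run.
const sample = sealAlbum('album: holiday-2024 (constructed sample)');
const sampleLink = buildShareLink('abc123', sample.key);
console.log('link       :', sampleLink);
console.log('on the wire:', requestTarget(sampleLink));
console.log('decrypted  :', openAlbum(sampleLink, sample.blob));
```

The fragment still sits in browser history and anywhere the link is pasted, so the link itself has to be handled as the secret.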
Security Audits
Has the Srarna Photos app been audited by a credible source?
Yes, Srarna Photos has undergone a thorough security audit conducted by Cure53, in collaboration with Symbolic Software. Cure53 is a prominent German cybersecurity firm, while Symbolic Software specializes in applied cryptography.
Account Management
How can I delete my account?
You can delete your account at any time by using the "Delete account" option in the settings. For security reasons, we ask that you delete your account yourself rather than asking support to delete it for you.
Note that both Srarna Photos and Srarna Auth data will be deleted when you delete your account (irrespective of which app you delete it from), since Photos and Auth use the same underlying account.
Additional Support
For any security or privacy questions not covered here, please contact our team at security@srarna.com. We're committed to addressing your concerns and continuously improving our security measures.