Zero-knowledge explained

SaudaFlow staff cannot read your leads, contacts, notes, deals, payslips, or documents. Here is why, in plain English:

• Your passphrase derives your master key on your device, not ours.
• Every record uses its own data-encryption key, wrapped by your master key.
• Phone and email are blind-indexed via HMAC — we can match, not read.
• Logs and error reports are scrubbed of any tenant content.

For the cryptographic detail, see the privacy whitepaper.