
Encryption Features

Security is a core pillar of BoxedAI. We offer zero-knowledge, client-side encryption designed for enterprises handling sensitive data.

Why BoxedAI Is Different

Most AI platforms — including ChatGPT, Gemini, and hosted startup tools — follow the same pattern: your data hits their servers in plaintext, gets stored in their database, and you trust them not to misuse it. Your conversations, documents, and proprietary knowledge all sit on infrastructure you don't control.

BoxedAI takes a fundamentally different approach. The server is cryptographically locked out of your data.

| | Typical AI Platform | BoxedAI |
|---|---|---|
| Who holds the key? | The platform | You (browser-side) |
| Server sees plaintext? | Yes, always | Never — only ciphertext |
| Database breach exposes? | All conversations in full | Encrypted blobs, unreadable without your key |
| Admin/insider can read data? | Yes | No — zero-knowledge by design |
| Data leaves your network? | Always | Only ephemeral inference context to the LLM provider |
| You control infrastructure? | No | Yes (self-hosted) |

With a typical platform, you're trusting a company. With BoxedAI, you're trusting math.

Overview

BoxedAI uses a zero-knowledge encryption model. When encryption is enabled for your organization:

  • An encryption key is generated in your browser using the Web Crypto API.
  • Messages are encrypted before leaving your device and stored as ciphertext on the server.
  • The server never sees your encryption key or plaintext messages.
  • AI responses stream as plaintext, then your browser encrypts them before storage.

What Gets Encrypted?

When encryption is enabled for your organization:

  1. Message Content: Every user message is encrypted in the browser before being sent to the server. AI responses are encrypted by the browser after streaming completes.
  2. API Keys: External API keys (e.g., for OpenAI) are always encrypted at rest, regardless of the organization encryption setting.

What is NOT Encrypted?

  1. Metadata: Chat titles, user email addresses, and timestamps are stored in plaintext for indexing and navigation.
  2. Inference Data: To generate AI responses, your messages must be sent to the LLM provider in plaintext. The browser sends a plaintext copy of the conversation context alongside the encrypted message so the server can forward it to the AI model. This plaintext context is ephemeral — it is never stored.

Privacy Recommendation: If you require a 100% guarantee that no third party can see your data, use BoxedAI Self Hosted with Local Inferencing.

How It Works

  1. Key Generation: When encryption is enabled, you generate an AES-256-GCM key in your browser using the Web Crypto API.
  2. Key Storage: The key is stored in your browser's sessionStorage. It includes a key_id (UUID) for key rotation tracking.
  3. Sending Messages: Your browser encrypts the message, sends the ciphertext for storage, and separately sends a plaintext copy of the conversation context for the AI to process.
  4. Receiving Responses: AI responses stream to your browser as plaintext. Once complete, your browser encrypts the full response and sends it back to the server via the "seal" endpoint, replacing the plaintext with ciphertext.
  5. Reading Messages: When you view a chat, your browser decrypts each message using the key from sessionStorage.

Key Management

  • Key File: Your encryption key is exported as a JSON file containing the raw key material and a key_id.
  • Loading a Key: If you close your browser or clear session data, you'll need to reload the key file to view encrypted messages.
  • No Key = No Access: Without the key, encrypted messages display as "Message Encrypted. Load organization key to view."
  • Key Rotation: The key_id field allows future support for key rotation — messages track which key encrypted them.

WARNING

Back up your key file securely. The server cannot decrypt your messages. If you lose your key, your encrypted messages are permanently unreadable.
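
The flow from How It Works and Key Management, sketched with the Web Crypto API as an added example (not BoxedAI's own code). The function names, the envelope fields iv and ct, the key-file field key, and the binding of key_id as AES-GCM additional data are assumptions; sessionStorage persistence and the seal endpoint are left out.

```javascript
// Added example, not BoxedAI code; names and envelope/key-file fields are assumed.
const b64 = (buf) =>
  btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(""));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const utf8 = (s) => new TextEncoder().encode(s);
const USES = ["encrypt", "decrypt"];
// Browsers expose globalThis.crypto; older Node needs node:crypto's webcrypto.
const webCrypto = async () =>
  globalThis.crypto ?? (await import("node:crypto")).webcrypto;

// Step 1: generate an extractable AES-256-GCM key and tag it with a key_id (UUID).
async function generateOrgKey() {
  const wc = await webCrypto();
  const key = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, USES);
  return { key_id: wc.randomUUID(), key };
}

// Key file: raw key material plus key_id, serialized as JSON for backup.
async function exportKeyFile({ key_id, key }) {
  const raw = await (await webCrypto()).subtle.exportKey("raw", key);
  return JSON.stringify({ key_id, key: b64(raw) });
}

// Loading a key: parse the key file and import it for encrypt/decrypt use only.
async function importKeyFile(json) {
  const { key_id, key } = JSON.parse(json);
  const wc = await webCrypto();
  return { key_id, key: await wc.subtle.importKey("raw", unb64(key), "AES-GCM", false, USES) };
}

// Step 3: fresh random 96-bit IV per message; key_id is authenticated as AAD.
async function encryptMessage({ key_id, key }, plaintext) {
  const wc = await webCrypto();
  const iv = wc.getRandomValues(new Uint8Array(12));
  const params = { name: "AES-GCM", iv, additionalData: utf8(key_id) };
  const ct = await wc.subtle.encrypt(params, key, utf8(plaintext));
  return { key_id, iv: b64(iv), ct: b64(ct) };
}

// Step 5: returns null when the loaded key does not match or the blob was altered,
// which is where a UI would show its "load organization key" placeholder.
async function decryptMessage({ key_id, key }, env) {
  if (env.key_id !== key_id) return null;
  const params = { name: "AES-GCM", iv: unb64(env.iv), additionalData: utf8(key_id) };
  try {
    const pt = await (await webCrypto()).subtle.decrypt(params, key, unb64(env.ct));
    return new TextDecoder().decode(pt);
  } catch { return null; }
}
```

Because AES-GCM is authenticated, a wrong key or a modified ciphertext fails decryption outright instead of yielding garbage, so the stored envelope also gives integrity for message content.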

Security Guarantees

  • Zero Knowledge: The server never sees your encryption key. Even a compromised server cannot decrypt your stored message history.
  • At Rest: If an attacker steals the database, they will see only ciphertext for message content.
  • Database Leaks: A SQL injection that dumps the messages table reveals nothing useful — just encrypted blobs.
  • In Transit to AI: Message context is sent to the LLM provider in plaintext (necessary for AI to function), but this data is ephemeral and never persisted on the BoxedAI server.

Threat Model

Protected Against

  • Database theft: Attacker steals a database backup — messages are ciphertext, key is not on the server.
  • Server compromise: Even with full server access, stored messages cannot be decrypted without the browser-side key.
  • Insider threat: Server administrators cannot read encrypted messages.

Not Protected Against

  • Browser compromise: If malware is running in your browser, it could read the key from sessionStorage.
  • LLM provider access: The AI provider receives plaintext conversation context to generate responses.
  • Key loss: If all copies of the key file are lost, encrypted data is unrecoverable.

Enabling Encryption

  1. Log in as a Superuser.
  2. Navigate to Admin -> Settings.
  3. Toggle Encryption on for your organization.
  4. A key file will be generated in your browser — download and save it securely.
  5. Share the key file with authorized team members through a secure channel.

Limitations

  • Search: Full-text search on encrypted message content is not available (the server cannot read the content).
  • Key Distribution: You must manually share the key file with team members who need access.
  • Session Bound: The key lives in sessionStorage — closing the browser tab requires reloading the key.