Zero Knowledge isn't technical jargon — it's a simple promise: Cleverpass is built so that not even we can see your passwords. If we don't know them, no one can take them from us.
No jargon. Here's the explanation you'd give to someone who doesn't know anything about technology.
Think of a bank. When you deposit money, the bank stores it in its safe. They have the key. If someone robs the bank, they steal your money. If an employee is corrupt, they can access your money.
Zero Knowledge is the opposite: imagine you bring your own house padlock — with your own unique key — and install it inside the bank's safe. The bank only stores the metal box. It never had your key. It cannot open it. It does not know what's inside.
When you send a letter in a sealed envelope, the mail carrier transports it. They don't know what it says inside. If the carrier loses the envelope or someone steals it, the message remains unreadable to anyone who is not the recipient.
Cleverpass is the mail carrier. It moves your data (encrypted) between your device and your Google Drive. It never opens the envelope. It never reads the message.
This is the journey of your password from the moment you type it until it is stored. No intermediaries can read it.
When you enter your master password, it is used on your device to generate a cryptographic key. That key is never sent to any server. It only exists on your device while you enter it and is erased immediately after processing.
Your data is fully encrypted before leaving your phone or computer. What travels over the internet or is stored in the cloud is an encrypted file that is meaningless without your key.
To read your passwords you must have the key, and the key is generated by your master password. Without it, the encrypted file is random garbage to anyone who intercepts it.
This is not an accident. It is a deliberate architectural choice that makes the system mathematically more secure.
Many password managers store your vaults on their servers. That means there is a juicy target for hackers. We remove that target completely.
The permanent storage of your vault is on hardware you control. Cleverpass never has a copy of your decrypted or permanently encrypted data.
Because the source of truth is local, you can access all your passwords offline. If our servers went down or we shut down tomorrow, your data would still be yours and accessible.
Synchronization uses your own Google Drive account. Cleverpass does not have a shared storage account where thousands of users' data lives. Each user has their own isolated, independent space.
To steal password from Cleverpass users, an attacker would need to compromise each individual device of each user. There is no central database to offer as a reward.
Not all password managers are the same. Here is the real difference.
This is how Zero Knowledge architecture responds to the most frequent attack scenarios.
An attacker gains access to Cleverpass internal infrastructure.
Someone with internal access tries to spy on users' passwords or sell them...
Because of a security flaw or phishing, an attacker gains access to your Google Drive account and downloads your vault...
A man-in-the-middle attack intercepts traffic while you sync your data...
We clarify the most frequent doubts that arise when this architecture is explained.
"If you don't have my data, how can you recover my account if I forget the password?"
We can't recover your master password — and that is precisely the guarantee that no one else can either. It's like the combination to a safe: only the owner knows it. That's why it is so important to choose a memorable master password and save the recovery code we offer when you set up the app.
"Zero Knowledge means the app can't do anything useful with my data"
Don't confuse "Cleverpass can't see your data" with "the app can't process it." The app decrypts your data on your own device and can do everything required: autofill, search, organize, sync. The difference is that this processing happens locally, not on our servers.
"This only matters if I am a target of professional hackers"
Massive password manager breaches affect ordinary users, not specific targets. LastPass, for example, was hacked in 2022 and millions of ordinary users' vaults were exposed. With Zero Knowledge architecture that simply cannot happen.
"If you use Google Drive, Google can see my passwords"
Google only sees an encrypted, unreadable file in your Drive, just like it sees encrypted files from any other app. Without the decryption key (your master password, which Google never has), the file is completely incomprehensible. Google doesn't even know it's a password manager.
Zero Knowledge is not a premium feature. It is the foundation of how Cleverpass works from day one, for all users.
Download Cleverpass free