Dropbox encrypts your files on their servers, with their keys, so their staff can decrypt them when needed.
Session™ Vault encrypts your files on your device, with your keys, so nobody on our side can decrypt them at all.
| Capability | Session™ Vault | Dropbox |
|---|---|---|
| Who holds the encryption keys | You | Dropbox |
| Server can decrypt your files | No, by design | Yes, by design |
| Server-side AI scans file content | Only with your consent, per track | Yes (Dash, summaries, search) |
| Subpoena response | Scrambled bytes only | Plaintext can be handed over |
| Cryptographic compute attestation receipts | Max | No |
| Per-recipient forensic watermark | Pro | No |
| Find a leaked clip back to the leaker | Max (Leak Lookup) | No |
| Built for music workflows (stems, BPM, key, atmos) | Yes, end-to-end | No, generic cloud |
| Files encrypted at rest | Yes (your keys) | Yes (Dropbox keys) |
Dropbox markets "encrypted" without specifying who holds the keys.
Most readers fill in the strongest interpretation and assume Dropbox can't read their files.
Dropbox can read them, by design.
Session™ Vault cannot read them, by a stricter architectural design that math itself enforces.