Every security page on the internet says some version of "we take your privacy seriously." The claim is unfalsifiable, which is exactly the problem. The strongest security posture a vendor can take is architectural: build the system so the vendor couldn't read your data even if compelled to try.
Zero-knowledge isn't a feature toggle — it's a set of structural commitments:
A recovery path for you is a backdoor for everyone.
The practical test for any "zero-knowledge" claim: ask what happens when the vendor is breached. If the honest answer is "attackers get nothing but ciphertext they can't key," the architecture is doing the work. If the answer involves the vendor's incident response process, you're trusting a promise, not a design.
The same philosophy scales up. Across the Strat101 suite, tenant isolation, row-level security and encrypted API key storage follow the same rule: minimize what we can see, so you don't have to wonder about what we would do. And CiFort — free, forever — is the purest expression of it: a vault only you can open.