By: Jeremy Diebert, Chief Architect — Pretty Fluid Technologies
When we designed the core infrastructure for Zentinel, we made a decision that added significant engineering complexity: we built the system so that we would never be able to read the data stored in it.
Every record that enters Zentinel is encrypted on the client side — in the browser or the application — before it is transmitted to our servers. We store ciphertext. The encryption keys stay with the data owner. We have no mechanism, and no path, to decrypt the data we hold. This is what zero-knowledge architecture means in practice.
At the time, some colleagues asked whether this was necessary. We had strong access controls. We had logging. We had audit trails. Why add the overhead of client-side encryption?
Three years later, the answer is everywhere you look.
The Change Healthcare breach in early 2024 compromised the records of 100 million Americans — not because the company had weak perimeter defenses, but because an attacker with valid credentials could move laterally through a system where data sat unencrypted at rest. The 23andMe bankruptcy in 2025 put a database of 15 million genetic profiles on the auction block, because the company held the data in a form it could read and therefore sell. The Snowflake credential breaches of 2024 exposed dozens of organizations because their cloud-stored data was accessible to anyone with a valid login.
In each case, the vulnerability was the same: the data was readable by the platform that held it. That means it was readable by anyone who could access the platform — through stolen credentials, through a court order, through a bankruptcy sale, through an insider threat, or through a subpoena to a foreign jurisdiction.
Zero-knowledge architecture does not eliminate all risk. It eliminates a specific and increasingly exploited category of risk: the platform itself as an attack surface.
For healthcare, legal, financial, and any other domain where the sensitivity of data creates existential liability, zero-knowledge is not a feature. It is a design requirement. We built it in from the start because we believed that. The last two years have confirmed it.
