Client-Side Encryption
When you store an encrypted file through Zark, encryption happens on your device before the data ever leaves your browser. The unencrypted content is never transmitted over the network or seen by Zark’s servers. This means even if someone intercepted the data in transit or gained access to storage systems, they would only see encrypted content.Programmable Access Control
Access rules are encoded on the blockchain, making them transparent, auditable, and tamper-proof. When someone requests access to encrypted data, the system checks whether the requester satisfies the policy. Only if conditions are met are decryption keys released. This means access rules are enforced by code, not company policies. There’s no way for an administrator to grant unauthorized access by changing a setting. The policy executes exactly as written. See How Zark Uses Walrus & Seal for how this works in practice.
Encryption and access control flow
Types of Access Control
Seal supports sophisticated access patterns beyond simple user permissions:- User and Group Access: Restrict access to specific users, wallet addresses, or defined groups
- Token-Gated Access: Require ownership of specific tokens or NFTs to access content
- Time-Based Rules: Make content accessible only during specific time windows or at future dates
- Role-Based Access: Define roles with different permission levels
- Conditional Logic: Combine multiple conditions with AND/OR logic