All sensitive data stored in your vault is protected with end-to-end encryption using industry-standard AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode). This means your passwords, secure notes, and credit card information are encrypted on your device before being sent to our servers. We never have access to your unencrypted data, and even if our servers were compromised, your information would remain secure.
We operate on a zero-knowledge architecture, which means we cannot see, access, or recover your encrypted data or master password. Your master password is never transmitted to our servers in plain text, and we do not store it anywhere. All encryption and decryption happens locally on your device using keys derived from your master password. This ensures that you are the only person who can access your vault.
Your master password is what you use to log in to your account. This same password is used to derive your encryption key, which is used to encrypt and decrypt all your sensitive data. Your master password is never stored on our servers, and we cannot recover it if you forget it. We strongly recommend using a strong, unique master password and storing it in a secure location. If you forget your master password, you will not be able to access your encrypted data.
We use PBKDF2 (Password-Based Key Derivation Function 2) to derive your encryption key from your master password. PBKDF2 is deliberately slow to compute, which makes it computationally expensive for attackers to brute-force your password, and the process uses a unique salt for each user, stored securely in our database, so guesses precomputed for one account cannot be reused against another. The key derivation process ensures that even if someone gains access to encrypted data, they cannot decrypt it without your master password.
Your encrypted data is stored securely in our database. Each encrypted field is stored with its own initialization vector (IV), which ensures that even if the same password is stored multiple times, the encrypted values will be different. This prevents pattern analysis attacks. We use secure database practices and follow industry standards for data protection and access control.
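The key derivation and per-field IV scheme described in the two paragraphs above can be sketched as follows. This is an added example for Node.js, not the service's own code; the PBKDF2 hash (SHA-256), the iteration count, the salt and IV sizes, the function names and all sample values are assumptions, since the page does not state them.

```javascript
// Added example: not the service's code. All values below are constructed.
const nodeCrypto = require("crypto");

// Assumptions (not stated on the page): PBKDF2-HMAC-SHA256, 600,000
// iterations, 16-byte per-user salt, 12-byte random IV per field.
const ITERATIONS = 600000;

// Derive the 256-bit vault key on the client from the master password.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, "sha256");
}

// Encrypt one vault field under a fresh IV; iv, ct and tag are stored together.
function encryptField(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt a stored field. Returns null when the GCM tag does not verify,
// which happens with a wrong key or a modified record.
function decryptField(key, record) {
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.ct), d.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}

// Constructed walk-through of the properties the text claims.
function demo() {
  const salt = nodeCrypto.randomBytes(16); // per user, stored server-side
  const key = deriveKey("correct horse battery staple", salt);
  const a = encryptField(key, "hunter2");
  const b = encryptField(key, "hunter2"); // same plaintext, new IV
  const wrongKey = deriveKey("wrong password", salt);
  const tampered = { ...a, ct: Buffer.from(a.ct) };
  tampered.ct[0] ^= 1; // flip one bit of the stored ciphertext
  return {
    sameCiphertext: a.ct.equals(b.ct),
    roundTrip: decryptField(key, a),
    wrongPassword: decryptField(wrongKey, a),
    tampered: decryptField(key, tampered),
  };
}
console.log(demo());
```

The same plaintext stored twice yields different ciphertexts because each field gets its own IV, and both a wrong master password and a modified record fail GCM tag verification instead of producing garbage plaintext.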
Due to our zero-knowledge architecture, we cannot access your passwords, secure notes, credit card numbers, CVV codes, or any other sensitive information stored in your vault. We cannot recover your master password if you forget it. We cannot see what websites you have saved passwords for, or any of the content of your secure notes. Your data remains private and secure, accessible only to you.
To maximize your security, we recommend:
We are committed to maintaining the highest standards of security. We regularly review and update our security practices, monitor for potential vulnerabilities, and implement security improvements as needed. Our encryption methods follow industry best practices and are designed to protect your data now and in the future.