We literally cannot read your vault.
Even if our servers were seized, hacked, or subpoenaed, your passwords stay encrypted with a key only you have.
1. Your Master Password derives a key — in your browser
When you set your Master Password, we run PBKDF2-HMAC-SHA256 with 600,000 iterations and a random salt to derive a Master Key. This happens entirely in your browser. The password itself is never sent to us.
2. A random Vault Key encrypts every item
Your browser generates a random 256-bit AES-GCM Vault Key. This key encrypts every password, note, and card in your vault. The Vault Key is then wrapped (encrypted) with your Master Key before being stored on our server.
3. Our server only ever sees ciphertext
Every vault item arrives at our database as encrypted bytes plus a random IV. We have no way to decrypt them. Not us, not Google, not a court order. The Master Key never leaves your device.
4. The catch: you are the only key holder
If you forget your Master Password AND lose your 12-word recovery phrase, your vault is unrecoverable. There is no 'reset password' email. This is the price of true zero-knowledge — and exactly why nobody else can read your stuff either.
Cryptographic specifications
- Key derivation: PBKDF2-HMAC-SHA256, 600,000 iterations
- Salt: 16 random bytes, per user
- Symmetric cipher: AES-GCM-256
- IV: 12 random bytes, per item
- Crypto library: Web Crypto API (browser-native)
- Transport: HTTPS / TLS 1.3