Security Architecture

Trust through
Cryptography.

We don't ask you to trust us. We built an architecture where you don't have to. Your keys never leave your device unencrypted.

Client-Side Encryption

Before any data touches the network, it is encrypted on your device using a key derived from your master password. The server only ever sees a meaningless blob of random-looking data.

AES-256-GCM

PBKDF2

TLS 1.3

Your Keys

Encrypted

blob

Rooted Cloud

Zero Knowledge

We physically cannot see your data. Your master password is never sent to our servers. If we were compromised today, your data would remain secure.

Server Access:False

Decryptable by Staff:False

Strong Defaults

We use industry-standard algorithms. No custom crypto. Everything is vetted and proven.

EncryptionAES-256-GCM

Key DerivationPBKDF2 (SHA-256)

TransportTLS 1.3

Trust through Cryptography.

Client-Side Encryption

Zero Knowledge

Strong Defaults

Trust through
Cryptography.