Your data is encrypted on your device before it ever travels. The key is made from your password and never leaves you. We store only sealed ciphertext — so even we can't open it.
Nothing readable ever reaches our servers. Encryption happens on your device, with a key only you hold.
Argon2id derives your key from your password on your device. The password is never transmitted.
Every field is encrypted with XChaCha20-Poly1305 — authenticated, so tampering is detected.
Our servers receive sealed blobs. There is no master key on any server to find.
Even we can't open it.
This is zero-knowledge. Access comes from keys you control — not from job titles.
Built on libsodium — the most audited cryptographic library. No invented ciphers. No RSA. No legacy padding.
Authenticated encryption for all data. The same cipher used by Signal, WireGuard and Cloudflare.
Elliptic-curve key agreement. 32-byte keys — far smaller and faster than RSA, with no padding to misuse.
Winner of the Password Hashing Competition. A memory-hard function that defeats GPU and ASIC attacks.
High-performance signatures for the audit trail, identity certificates and event logs.
You can query encrypted data without decrypting it. Keyed HMAC signatures let the database match records by signature — it never sees the plaintext.
A hybrid framework runs the classical primitives alongside the NIST post-quantum standards. When quantum computers arrive, the upgrade is already in place — no data re-encryption needed.
No master key sits on any server. Access is shared and revoked by wrapping keys for each person — not by trusting an administrator.
Your keys are derived from your password on your device. The same password always derives the same keys — nothing is stored server-side to steal.
Data keys are wrapped for each recipient with X25519 sealed boxes. Granting or revoking access is instant — no data is ever re-encrypted.
A built-in certificate authority issues Ed25519-signed identity certificates, binding each key to a person inside your organization.
Every meaningful event is logged in a chain. Each entry is hashed onto the one before it and signed with Ed25519. Change one record and the whole chain breaks — visibly.
Every attack ends the same way: there is nothing readable to take.
They take ciphertext — mathematical noise. No master key exists on any server, so there is nothing to unlock and nothing to ransom.
A DBA sees only encrypted blobs. They cannot read, cannot forge and cannot leak anything meaningful.
We can only hand over what we hold: encrypted data we cannot decrypt. Zero-knowledge means zero access.
The data is already encrypted. There is no readable copy to hold hostage and nothing to threaten to leak.
We never hold your plaintext keys. Our servers store only ciphertext. We cannot read your data even if we wanted to.
The ML-KEM / ML-DSA hybrid framework is already in place — classical and post-quantum combined, as a drop-in upgrade.
Ransomware works by encrypting your data and selling it back to you. Our data is already encrypted — and a stolen copy is mathematical noise. There is no leverage, and nothing to leak.
This is everything an attacker who steals our database actually gets.
Bring your hardest security questions. We will show you your own data turning to ciphertext before it leaves the browser.