All cryptographic operations happen in your browser using the native Web Crypto API. No server-side decryption, no external crypto libraries.
We use the browser's built-in crypto.subtle API — implemented in C/C++ by browser vendors, hardware-accelerated, and independently audited by security researchers.
Zero JavaScript crypto dependencies. No CryptoJS, no forge, no tweetnacl. Fewer dependencies means a smaller attack surface and no supply chain risk.
Data is encrypted in your browser, then sent as ciphertext via HTTPS. Double encryption in transit: AES-256-GCM (application layer) + TLS (transport layer).
Ciphertext is fetched from the server and decrypted in your browser. The plaintext exists only in browser memory — never written to disk, never sent back.
Each user has an RSA-4096 key pair. When sharing a vault, the vault key is encrypted with the recipient's public key. Only their private key can decrypt it.
No React, no Vue, no framework overhead. Pure vanilla JavaScript with the Web Crypto API. Works in every modern browser without polyfills or build tools.
Encryption that doesn't depend on trusting the server. Because you shouldn't have to.
Get Started