We built a vault we cannot open.
Not "won't." Cannot. Your key is derived from a passphrase that never leaves your device, so what we store is unreadable to us, to an intruder, and to anyone who compels us.
Not "won't." Cannot. Your key is derived from a passphrase that never leaves your device, so what we store is unreadable to us, to an intruder, and to anyone who compels us.
As this section enters view, the cipher study resolves from noise to the one sentence that matters. The rest of this page stays readable and still.
Every entry is encrypted on your device before sync. The key is derived from your passphrase with a memory-hard function; it is never transmitted, logged, or escrowed.
Release doesn't hand us a master key — there isn't one. Beneficiary access combines a share they hold with a share that unlocks only after your conditions are met.
Time-based codes are generated inside the encrypted client, so your second factors survive you too — no locked authenticator app standing between your family and your email.
A printed recovery kit — passphrase hint, recovery code, instructions — lives wherever you keep serious paper. Lose everything and the kit still gets you back in. We can't reset what we can't read.
One click produces a decrypted archive of your entire vault, on your device, in open formats. Leaving must always be possible; that keeps us honest.
If we're ordered to hand over your data, we comply — with ciphertext. The design makes the polite version and the adversarial version of us equally harmless.