Security & Privacy First
Bank-level security protecting your family's most important information
End-to-End Encryption
Your documents are encrypted on your device before they ever reach our servers. We use AES-256 encryption—the same standard used by banks and governments.
Client-Side Encryption
Documents encrypted in your browser before upload
Zero-Knowledge Architecture
Server never sees unencrypted documents or your passphrase
User-Controlled Keys
Only you have the passphrase to decrypt your vault
How Encryption Works
Create Vault Passphrase
You choose a strong, unique passphrase
Encryption Happens Locally
Documents encrypted in your browser with AES-256
Encrypted Upload
Only encrypted data is sent to our servers
Secure Storage
Documents stored encrypted on Supabase infrastructure
Client-Side Decryption
When you view, documents decrypted in your browser
Advanced Password Reset Protection
Protect your account even if your device is stolen
Security Question Verification
Password reset requires both email access AND knowledge of your security question answer (birth city). This prevents attackers from locking you out.
Anti-Lockout Protection
Thieves can't lock you out (don't know birth city)
User Lockout Power
You can lock out thieves (know birth city, trigger global signout)
Bcrypt Encryption
Security answers hashed with industry-standard bcrypt (10 rounds)
Global Session Signout
When you reset your password, all sessions across all devices are immediately signed out. Stolen devices are instantly locked out.
How It Works
- Enter email address
- Answer security question (birth city)
- Receive password reset email
- Set new password
- All sessions globally signed out
- Stolen devices immediately locked out
Privacy & Data Protection
GDPR-compliant data handling with your rights at the center
Data Isolation
Row Level Security ensures household data separation. Your data is only accessible to your household members.
- • Household-based RLS policies
- • Automatic data isolation
- • No cross-household access
Right to Deletion
Complete account deletion removes all your data from our systems permanently.
- • Deletes all user data
- • Removes storage files
- • Cascading deletion
No Data Selling
Your data is never sold or shared with third parties. Period.
- • Minimal data collection
- • No tracking cookies
- • No analytics sharing
Data Storage & Transmission
Encryption at Rest
All data stored on Supabase infrastructure with enterprise-grade security. Vault documents encrypted with user-controlled keys.
Encryption in Transit
All data transmitted via HTTPS with TLS 1.3. No unencrypted communication ever.
Authentication & Access Control
Robust authentication with multiple layers of protection
Password Hashing
Bcrypt with 10 rounds for password and security answer hashing. One-way encryption prevents reverse engineering.
JWT Tokens
Secure JWT-based authentication with Supabase Auth. Tokens expire and refresh automatically.
Session Management
Server-side session management with automatic expiration and global signout capability.
VAPID Authentication
Web push notifications secured with VAPID (Voluntary Application Server Identification) protocol.
Security Best Practices
We follow industry standards to keep your data safe
XSS Prevention
Input sanitization and output encoding to prevent cross-site scripting attacks
CSRF Protection
Cross-Site Request Forgery protection on all state-changing operations
SQL Injection Prevention
Parameterized queries and prepared statements prevent SQL injection
Secure Headers
HTTP security headers including CSP, HSTS, and X-Frame-Options
Regular Updates
Dependencies updated regularly to patch security vulnerabilities
Audit Logging
Complete audit trails for transfers and sensitive operations
Security Transparency
We believe in transparency about how we protect your data. If you have security questions or concerns, we're here to answer them.
Your Security is Our Priority
Start protecting your family's information with bank-level security
Get Started FreeFree for 1 year • No credit card required