We use a Zero-Knowledge architecture, meaning we can never see your 2FA seeds. Your keys are encrypted on your device before they ever touch our servers.
Your Device
Encryption happens here
Our Servers
Only sees encrypted blobs
Teammate
Decryption happens here
Compliant with Industry Standards
Security isn't just a feature; it's the foundation of our entire stack.
All data is encrypted using AES-256-GCM locally on your device. We use PBKDF2 SHA-256 to derive keys from your master password. In transit, all communications are secured via TLS 1.3.
We engage independent top-tier security firms to perform quarterly penetration tests on our web application, API, and mobile apps.
Hosted on AWS with strict VPC isolation. We utilize WAFs, DDoS protection, and automated intrusion detection systems to safeguard availability.
Beyond technology, we provide the controls you need for governance.
Define read, write, and share permissions at the folder or item level. Limit access to specific teams.
Every decryption event, share, and edit is logged immutably. Export logs to your SIEM.
Instantly revoke access for compromised devices or departing employees with a single click.
Download our security whitepaper or schedule a call with our CISO.