Updated 2026-07-11
Everything in your vault is encrypted in your browser (AES-256-GCM, per-item keys) under keys derived from your master password via Argon2id. The server stores ciphertext, wrapped keys, and a one-way verification hash — nothing it can decrypt.
What this defeats
A database dump, a stolen backup, a curious database admin, a platform administrator with full table access: all of them get ciphertext. There is no server endpoint that returns plaintext to anyone, and the admin panel has no decrypt path.
What it doesn't defeat
We publish these instead of hiding them:
- Tampered client JavaScript from a truly malicious operator — inherent to browser-delivered encryption; mitigated by CSP, SRI, published build hashes, reproducible builds, and best of all the signed browser extension.
- A compromised device — out of scope for any password manager.
- A weak master password — mitigated by Argon2id and a strength meter, not eliminated.
- Human memory — a secret revealed during a window can be copied.
- Lost master password + lost Recovery Key — permanently unrecoverable data, by design.
The full write-up lives on the security page.