Sharing & teams

Sharing items with other users

Item keys are sealed to the recipient's public key on your device — the server never sees a usable key.

Updated 2026-07-11

On Pro and Team plans you can share individual items with other TimeLock users.

How sharing stays zero-knowledge

Every user has a public/private key pair; the private key is protected by their master password. When you share an item:

  1. Your device decrypts the item's key (you must be able to open the item to share it).
  2. Your device seals that key to the recipient's public key.
  3. The server stores and relays the sealed box — which it cannot open.

The recipient's device unseals the key with their private key and can then decrypt the item. At no point does the server hold a usable decryption key.

Schedules still apply

If a shared item is time-locked, the schedule binds every recipient too — the server-held wrap layer is only removed during the window, no matter whose client asks.

Revoking

Unsharing removes the recipient's sealed key. Remember the honest caveat: anything the recipient already opened during a window may have been copied — revocation controls future access, not memory.

Ready for a vault that can't be read — even by us?

Start a free trial today. Your master password never leaves your browser, and any secret can be locked to a schedule.