Security Architecture Built for Trust
Understand the comprehensive security measures that protect your family's most sensitive information. From zero-knowledge encryption to distributed key management, every detail is designed for maximum privacy.
Zero-Knowledge Architecture
We've built a system where even we cannot access your data. This isn't just a promise, it's mathematically impossible.
What is Zero-Knowledge?
Zero-knowledge means that your data is encrypted on your device before it ever reaches our servers. We store only encrypted data that is mathematically impossible for us to decrypt without your master key.
Our personalized document recommendations are generated based on your answers to privacy-focused questions, with recommendations computed locally before being stored alongside your encrypted data.
How it works:
You create documents on your device
Data is encrypted using your master key (only you have this)
Encrypted data is sent to our servers for storage
Your family can decrypt it only with the key you share with them
Your Device
Data encrypted here
Our Servers
Only encrypted data stored
Technical Implementation
Deep dive into the cryptographic standards and architectural decisions that make Eternal Vault secure.
AES-256-GCM Encryption
Algorithm: Advanced Encryption Standard with 256-bit keys
Mode: Galois/Counter Mode (GCM) for authenticated encryption
Benefits: Same standard used by banks for top-secret documents
Performance: Hardware-accelerated on modern processors
Scrypt Key Derivation
Function: Memory-hard key derivation function
Parameters: N=32768, r=8, p=1 (high security)
Protection: Resistant to hardware-based attacks
Salt: Unique 32-byte salt per user
Shamir's Secret Sharing
Scheme: (k,n) threshold secret sharing
Implementation: Cryptographically secure key splitting
Benefits: No single point of failure
Flexibility: Require any k of n shares to reconstruct
Web Worker Isolation
Environment: Dedicated JavaScript worker thread
Isolation: Separate memory space from main thread
Security: Protected from DOM manipulation attacks
Performance: Non-blocking cryptographic operations
Security Architecture Flow
1. Master Key Generation
10-word mnemonic generated using cryptographically secure random number generator
2. Document Encryption
Files encrypted client-side using AES-256-GCM before transmission
3. Key Distribution
Master key split using Shamir's Secret Sharing for family access
4. Secure Storage
Encrypted data stored on secure servers with zero-knowledge guarantee
What We Protect Against
External Threats
- Data breaches and server compromises
- Man-in-the-middle attacks
- Government surveillance and subpoenas
- Password brute-force attacks
Internal Threats
- Rogue employees or administrators
- Accidental data exposure
- Business model changes or acquisition
- System vulnerabilities and bugs
Our Privacy Commitments
No Data Mining
We don't analyze, sell, or profit from your personal information. Your data is yours alone.
Privacy-First Analytics
We use Umami, a GDPR-compliant analytics tool that respects your privacy while helping us improve the app.
Minimal Data Collection
We only collect what's necessary for the service to function. No excess data gathering.
Transparent Security
Our security architecture is fully documented and auditable. Every claim can be verified.
The Bottom Line
We built Eternal Vault because we believe your family's privacy shouldn't depend on corporate promises. With zero-knowledge encryption, even we can't access your data – and that's exactly how it should be.