🔍 What We Can See (and What We Can't)

🤝 Our Promise

Your trust is everything to us. That’s why we’re radically transparent about what we can see — and what we absolutely cannot.

“Trust is earned in droplets and lost in buckets.”

We’ve built everything around this principle — from how your data is encrypted in your browser to how we limit what even we can access. Your vault, your keys, your privacy.

✅ What We Can See

Email Address — used for your login and notifications
Name — used to share your name with trusted contacts to notify who the vault belongs to
Password Hint — if you provided one during setup
Sign-in Timestamps — the times you logged in
Vault Overview — how many bank accounts, loans, etc. you’ve saved (not the data within the record)
Created/Updated Dates — when records were added or last changed
Trusted Contacts’ Contact Info — just their email and name to share the vault

❌ What We Cannot See

Any details within a record, e.g.:
- Account Numbers
- Sort Codes
- Financial Info
- Private Notes
Your Decryption Keys or master password
Anything inside your vault — it's encrypted client-side and unreadable to us

🔐 How Encryption Works

When you create your vault, a master key is generated in your browser. This key encrypts all sensitive data on your device before anything is sent to our servers. Nothing sensitive is ever stored in plain text, and all data is transmitted over secure encrypted HTTPS connections. Only you — with your master password — can decrypt the data. We never have access to your keys, and your private data remains entirely unreadable to us at all times.

Put simply: you hold the keys. We just store the lockbox.