Security Architecture

Defense in depth — four independent layers protecting your assets.

0-bit

Encryption

PBKDF2

Layers

Backdoors

Layer 01

Client-Side Encryption

Your private key is encrypted with AES-256-GCM before it ever touches storage. The encryption key is derived from your password using PBKDF2 with 600,000 iterations.

Cipher

AES-256-GCM

Key Derivation

PBKDF2-SHA256

Iterations

600,000

Salt

32 bytes random

12 bytes random

Engine

Web Crypto API

Zero-Knowledge Architecture

Our server never has access to anything that could compromise your funds.

Private Keys

Encrypted locally, never transmitted

Seed Phrases

Shown once, never stored

Passwords

Used locally for encryption only

Fund Custody

You hold your own keys

Admin Override

No backdoor in contracts

User Tracking

No analytics or IP logging