Trust should never be blind. Every security claim we make, every privacy promise we give, every protection we offer - you should be able to verify it independently. That's what the Trust Center provides.
Security Documentation Available for Review
We maintain comprehensive documentation of our security practices, and we make most of it publicly available. While some details must remain confidential for security reasons, we share everything we reasonably can.
Security Whitepaper
Detailed technical documentation of our encryption methods, zero-knowledge architecture, and security infrastructure. Updated quarterly.
Privacy Policy
Written in plain English, not legalese. Explains exactly what data we collect, why we collect it, and how we protect it. No hidden surprises.
Data Processing Agreement
Legal document defining how we handle your data. Required for GDPR compliance and available to all customers upon request.
Subprocessor List
Complete list of third-party services we use, what data they might access, and how they're vetted for security. Total transparency on who touches your data.
Independent Audit Reports & Certifications
We publish summaries of our security audits so you can verify we're actually as secure as we claim. While full audit reports contain sensitive details that could help attackers, we share enough for you to make informed decisions.
Available Audit Documents:
Published annually, redacted for security
Current certification with expiration date
Summary of findings and remediation
Vulnerabilities found, fixed, and rewards paid
Our Security Practices, Fully Documented
Encryption Standards
Data at Rest:
AES-256-GCM encryption for all stored data
Data in Transit:
TLS 1.3 with perfect forward secrecy
Key Management:
Hardware Security Modules (HSMs) for key storage
Password Hashing:
Argon2id with high iteration counts
Access Controls
- Multi-factor authentication required for all employee accounts
- Role-based access control (RBAC) with principle of least privilege
- All access logged and monitored for anomalies
- Automated access revocation when employees leave
- Regular access reviews to ensure appropriate permissions
Data Protection Measures
- Data minimization - we only collect what's absolutely necessary
- Automatic data deletion after account closure
- Encrypted backups with separate encryption keys
- Geographic data residency options for compliance
- Data loss prevention (DLP) systems monitoring for accidental exposure
Security Incident History (Yes, We Actually Publish This)
Most companies hide their security incidents. We believe transparency builds more trust than pretending we're perfect. Here's our complete security incident history:
Data Breaches Since Launch
Zero unauthorized access to customer data. Zero data leaks. Zero compromised accounts. This isn't luck - it's the result of security-first design and constant vigilance.
Our Promise: If a security incident ever occurs, this page will be updated within 24 hours with full details of what happened, what data was affected, and what we're doing about it. Transparency means honesty even when it's uncomfortable.
Third-Party Security Verification
Don't just trust our word. Here are the independent organizations that verify our security:
Annual Security Audits
Conducted by: Independent AICPA-certified auditing firms
Frequency: Annually for ISO 27001 and SOC 2, with quarterly surveillance
What they verify: Our security controls work as documented, policies are followed, and customer data remains protected.
Penetration Testing
Conducted by: Certified ethical hacking firms
Frequency: Bi-annually (every 6 months)
What they test: External and internal network security, web application vulnerabilities, API security, and social engineering resistance.
Vulnerability Scanning
Conducted by: Approved Scanning Vendors (ASV) for PCI compliance
Frequency: Quarterly
What they scan: All external-facing systems for known vulnerabilities and configuration weaknesses.
Code Security Review
Conducted by: Application security specialists
Frequency: Before every major release
What they review: Source code for security vulnerabilities, insecure dependencies, and coding best practices.
How We Protect Your Privacy Beyond Compliance
Compliance is the baseline, not the ceiling. We implement additional privacy protections that go beyond what regulations require:
We collect anonymous app crash reports to improve reliability, but they contain zero personally identifiable information. You can opt out entirely.
We don't work with ad networks, tracking companies, or data brokers. Your data never leaves our ecosystem.
Most privacy-protective settings are enabled by default. You don't have to dig through settings to protect yourself.
We automatically delete data we no longer need. No hoarding information "just in case."
Infrastructure & Data Location Transparency
You deserve to know where your data is stored and who has potential access to it.
Primary Data Centers
United States (East Coast & West Coast)
European Union (Frankfurt, Germany)
All facilities are Tier 4 certified with SOC 2 compliance
Data Residency Options
Choose where your encrypted data is stored
EU customers can require EU-only storage
Data never leaves your chosen region
Important: While your data may be stored in specific countries, it's encrypted with keys only you possess. Even if a government seized our servers, your data remains encrypted and inaccessible without your master password.
Questions About Our Security or Compliance?
Security and compliance can be complex topics. If you have questions about our certifications, want to review specific documentation, or need clarification on our security practices, we're here to help.
Get in Touch
Have questions about our security practices, certifications, or compliance documentation?
Contact Our Security TeamResponse time: Within 24 hours for all security and compliance inquiries
Compliance-Grade Security, Consumer-Friendly Protection
You get the same security standards that protect banks and government agencies, without needing to be a compliance expert. Just install, activate, and trust that industry-leading certifications are protecting you.
Get Started Now