Vaultneur encrypts every document, every record, every field on your device — before any byte touches our servers. We hold no key that can decrypt your vault. Not because we promise; because we built it that way.
Most "secure" apps trust their own backend with the keys. We don't. Vaultneur is built so that if our database were leaked tomorrow, an attacker would see ciphertext blobs, file sizes and timestamps — nothing else. Your password is the only thing that can derive the key that unwraps your vault, and your password never leaves your phone. We can't decrypt your data, even under subpoena.
Every file you save runs through the same flow. Encryption finishes before the app makes a single network request.
Face ID, Touch ID or your password unlocks the vault key from the device's secure storage slot (WHEN_UNLOCKED_THIS_DEVICE_ONLY).
Picked from camera, gallery or a PDF picker, then loaded into memory as a base64 string. Nothing has left the phone yet.
A fresh 12-byte IV is generated, then the base64 is encrypted with the in-memory vault key. Output: v2:.
The filename and content type are run through the same cipher, with their own IVs. Only the file type in the records table stays plaintext.
The encrypted body is uploaded as application/octet-stream to encrypted_documents/{user_id}/{random_id}.enc.
Encrypted filename, encrypted MIME, file size and timestamps are written to the documents table. RLS enforces auth.uid() = user_id.
The heart of the security model. Read top-to-bottom — each layer wraps the one above it.
The actual key that encrypts every document, every record, every field. Generated once on signup using cryptographically-secure randomness, then stored in the OS keychain with the WHEN_UNLOCKED_THIS_DEVICE_ONLY access flag while the vault is open. Cleared from memory the moment the vault locks.
Derived from your password + email (lowercased, trimmed, used as the KDF salt). This key never encrypts your data directly — it encrypts the vault key. The wrapped vault key is stored both on-device and in Supabase, so you can unlock on a new phone with just your password.
If you opt in, the raw vault key is also stored in a separate keychain slot gated by Face ID, Touch ID or fingerprint. Lets you unlock without typing your password. Wiped on sign-out, on biometrics-disabled, or when system biometrics enrolment changes.
Nothing exotic. Every primitive is industry-standard and recommended by NIST, OWASP or active RFCs.
Authenticated encryption for files, filenames, MIME types and every record field. 256-bit key, 12-byte IV per blob, 128-bit auth tag.
310,000 iterations — the OWASP 2023 floor for SHA-256. Salt is your lowercased, trimmed email. Derives the password key that wraps your vault key.
All IVs, vault keys and recovery passphrases come from the platform's CSPRNG via Expo crypto — backed by /dev/urandom on Android and SecRandomCopyBytes on iOS.
A 24-word passphrase from a curated wordlist. Used as a PBKDF2 input with a fixed domain salt (vaultneur-recovery-v2) to derive an alternate wrap key.
Used to hash your recovery key for verification (we never store the recovery key itself), and to fingerprint your hand-drawn signature on signed documents.
Modern TLS on every Supabase request, with HTTPS-only pinning at the platform level. No fallbacks to broken curves, ciphers or old versions.
crypto.subtle) via Hermes on the React Native new architecture. On older devices, the app transparently falls back to expo-crypto + CryptoJS. Legacy AES-CBC ciphertexts (from earlier app versions) are auto-detected and decrypted seamlessly — the v2: prefix is what tells the app which path to take.
No exotic container formats. Three colon-separated parts, base64-encoded, version-prefixed for future-proofing.
Format version. Tells the app to use AES-256-GCM. v1 and unversioned strings are decrypted as legacy AES-CBC.
12 random bytes, base64-encoded. Fresh per encryption — never reused across two blobs, even for the same field.
The encrypted payload plus a 128-bit GCM authentication tag. Tampering with a single bit fails decryption.
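The key hierarchy and the three-part blob format described above, as an added Node.js example (not Vaultneur's own code). Assumptions: the function names are hypothetical, the GCM tag is taken to be the last 16 bytes of the third part, and the vault key is wrapped in the same v2 format as document blobs.

```javascript
// Added example; function names and blob layout details are assumptions, not Vaultneur's code.
const nodeCrypto = require('node:crypto');

const PBKDF2_ITERATIONS = 310000; // iteration count stated on the page

// Password key: PBKDF2-SHA256 over the password, salted with the lowercased, trimmed email.
function derivePasswordKey(password, email) {
  const salt = Buffer.from(email.trim().toLowerCase(), 'utf8');
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Encrypt to "v2:<base64 iv>:<base64 ciphertext||tag>" with a fresh 12-byte IV per call.
function encryptV2(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
  return `v2:${iv.toString('base64')}:${body.toString('base64')}`;
}

// Parse and authenticate a v2 blob; throws on malformed input or a failed tag check.
function decryptV2(key, blob) {
  const parts = blob.split(':');
  if (parts.length !== 3 || parts[0] !== 'v2') throw new Error('not a v2 blob (legacy path not shown)');
  const iv = Buffer.from(parts[1], 'base64');
  const body = Buffer.from(parts[2], 'base64');
  if (iv.length !== 12 || body.length < 16) throw new Error('malformed v2 blob');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(body.subarray(body.length - 16));
  return Buffer.concat([decipher.update(body.subarray(0, body.length - 16)), decipher.final()]);
}

// Key hierarchy: a random 256-bit vault key, wrapped under the password-derived key.
function createVault(password, email) {
  const vaultKey = nodeCrypto.randomBytes(32);
  const wrappedVaultKey = encryptV2(derivePasswordKey(password, email), vaultKey);
  return { vaultKey, wrappedVaultKey }; // only wrappedVaultKey would be synced
}

function unlockVault(password, email, wrappedVaultKey) {
  return decryptV2(derivePasswordKey(password, email), wrappedVaultKey);
}

// Flip one bit of the ciphertext part, to show the tag check rejecting a tampered blob.
function flipBit(blob) {
  const [version, iv, body] = blob.split(':');
  const raw = Buffer.from(body, 'base64');
  raw[0] ^= 1;
  return [version, iv, raw.toString('base64')].join(':');
}
```

A wrong password fails at the GCM tag check in `unlockVault` rather than yielding a wrong key, which is how a client can tell a bad password from a good one without any server-side check.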
Two object types live in your vault: documents and records. Here's exactly which parts are ciphertext before they leave your phone.
Files in Supabase Storage.
Six types: ID, Medical, Financial, Crypto Wallet, Login, Other.
We sync your encrypted vault so you can restore on a new phone. We do not — and cannot — read what's inside.
Encrypted file blobs uploaded as application/octet-stream. Path is encrypted_documents/{user_id}/{random_id}.enc — random UUID, never the real filename.
Encrypted vault-key wrappers, encrypted titles, encrypted record JSON, file sizes, timestamps. No plaintext content. No plaintext titles or field values.
Every table enforces auth.uid() = user_id at the database layer. A stolen API key can't read another user's rows; the database refuses the query.
One DB function wipes documents (Storage), records, recovery data and the auth account server-side in a single transaction. No tombstones, no retention.
Encryption protects what's in the vault. These features protect who gets to open it.
Face ID, Touch ID and fingerprint, gated by the OS secure element. Biometric data itself never leaves Apple's or Google's hardware — we just receive an unlock signal.
Six choices: Immediate, 1 min, 5 min, 15 min, 1 hour, Never. Triggers on app background, so backgrounding the app on a glance-share is always safe.
Passwords, recovery seeds and other secret-ish fields render as •••••••• by default. Tap to reveal; auto-hides 30 seconds later in case you walk away.
Generated with platform CSPRNG from a curated wordlist. View, copy or export as a .txt file in Settings. We store only the SHA-256 hash for verification.
Draw your signature → SHA-256 hash stored alongside the document with an ISO timestamp. The signature image itself is encrypted into the document blob.
Blood type, allergies, emergency contacts — separately encrypted, shareable as a QR code to first responders or trusted people, without unlocking the rest of the vault.
The honest version. If anything on the right moved to the left, you'd see it in the changelog before it shipped.
These are the only platforms involved in your encrypted vault. Nothing else gets to touch it.
Hardware-isolated keychain on iPhone and iPad. Holds the vault key behind Face ID / Touch ID — even iOS itself can't read it.
Hardware-backed keystore (StrongBox where available). Stores the vault key behind fingerprint / device PIN, with the same role as Secure Enclave.
Auth, Postgres and Storage. Sees ciphertext only. Row Level Security on every table; one DB function wipes everything on account deletion.
Subscription state for the Pro tier (entitlement pro). Receives a user ID and entitlement flag — nothing about your documents.
We never sell, share or monetise your data. We built Vaultneur so we can't, even if we wanted to. Your privacy isn't a feature — it's the architecture.
Email info@vaultneur.com — we read every message. For security issues, please mark the subject line [SECURITY].