How it works

Zero-knowledge, by design

We built LegadoVault so that even we can't read your Vault. Your secrets stay encrypted on your device. What we store on our servers is unreadable ciphertext — to us, to our employees, to attackers, and to anyone with a subpoena.

Last updated April 16, 2026

We can see

  • Your email address and name
  • Your phone number, if you verified one
  • How often you sign in
  • That you have Vault Items — and roughly how many, in which categories
  • Your Trustees' names, emails, and phone numbers
  • Your dead-man's-switch configuration

We cannot see

  • Your Master Password
  • Your Recovery Key
  • The contents of any Vault Item — not one word
  • Your encrypted letters, videos, passwords, or instructions
  • Your Trustees' decryption passphrases
  • Anything we'd need to decrypt your Vault — even under legal compulsion

How the encryption works

When you set up your account, your browser generates a Master Encryption Key (MEK) that's 256 bits of random data. Every Vault Item you create is encrypted with this key before it leaves your device. Here's the step-by-step:

Step 1

Master password → wrapping key

Your Master Password is run through Argon2id — a memory-hard key-derivation function — with a unique 128-bit random salt. This produces a 256-bit wrapping key. Argon2id is deliberately slow to compute, which makes brute-forcing a stolen database virtually impossible.

Step 2

Wrapping key → encrypted MEK

The wrapping key is used to encrypt your MEK via AES-256-GCM. Only the encrypted MEK is stored on our servers. Without your Master Password, the wrapping key can't be recomputed, so the MEK can't be unwrapped, so the Vault can't be read.

Step 3

MEK → encrypted Vault Items

When you save a Vault Item (a letter, a set of account credentials, a video message), your browser encrypts it with the MEK using AES-256-GCM with a fresh random nonce for each item. Only the ciphertext is uploaded.

Step 4

Trustee passphrases → wrapped MEK

For each Trustee, you choose a separate passphrase and share it with them out-of-band (in person, in a sealed envelope, in your safety deposit box). Your MEK is wrapped with a key derived from that passphrase, also via Argon2id + AES-256-GCM. That wrapped copy is what the Trustee needs to decrypt the Vault Items you granted them access to. We never see the passphrase.

Step 5

Recovery key → backup unlock

At setup, we generate a 160-bit random Recovery Key, show it to you once, and let you print, download, or copy it. A wrapping key derived from the Recovery Key also wraps your MEK. If you ever forget your Master Password, the Recovery Key lets you unwrap the MEK again and set a new Master Password — no data loss, no re-encryption.

Standards we follow

  • Key derivation: Argon2id (64 MiB memory, 3 iterations, parallelism 4)
  • Symmetric encryption: AES-256-GCM
  • Randomness: WebCrypto getRandomValues()
  • Master Password entropy: minimum 12 characters, enforced in the UI
  • Recovery Key entropy: 160 bits (Crockford base32)
  • Transport: TLS 1.3
  • Auth: Supabase Auth (OAuth2, PKCE)
  • Database access: Row-Level Security on every table

What this design does and doesn't protect against

A full database leak from our servers

The encrypted Vault Items in the leaked database are ciphertext. Without your Master Password or Recovery Key, the leaked data is cryptographically unreadable.

A subpoena or warrant demanding your data

We can produce the ciphertext, but we cannot produce the plaintext. We do not hold the keys needed to decrypt it.

A malicious or compromised LegadoVault employee

Employees have no access to decryption keys. The data they could access is the same ciphertext a public database leak would expose.

An attacker who guesses your Master Password offline

Argon2id's cost parameters make even GPU-based guessing slow. A strong Master Password (12+ random characters) is practically unbreakable.

Malware or a browser extension on your device

If an attacker can run code in your browser while the Vault is unlocked, they can read anything you can read. We can't protect against a compromised endpoint. Keep your device clean and your browser extensions minimal.

Your lost or forgotten Master Password AND Recovery Key

If both are lost, the Vault is cryptographically sealed forever. We have nothing to help you recover it with. Print your Recovery Key. Store it somewhere safe that isn't your computer.

A weak or reused Master Password

Argon2id slows attackers down, but it doesn't stop them if you pick 'password123'. Pick something strong. Use a password manager if you need to.

Shoulder-surfing, phishing, social engineering

If you type your Master Password on a phishing site, or tell it to someone, the math we use to protect it doesn't apply. Verify you're on legadovault.com before typing.

Our commitments

  • The cryptography code runs in your browser. You can inspect it in your browser's developer tools. If you're technical, the source is open to read.
  • If we discover a security incident that affects your data, we will notify you and the appropriate regulators within 72 hours of confirming it, as required by GDPR and similar laws.
  • We will never introduce a backdoor. The moment we can decrypt your Vault, the product stops being what we sold you.