Security

Your data. Your control.
Always.

Military-grade encryption. Zero-knowledge architecture. Blockchain integrity. Your privacy is not a feature. It is our foundation.

Architecture

Defense in depth

Multiple layers of security protect your data at every level of the stack.

Authentication
JWT tokens: short-lived, Redis-blacklisted
bcrypt: salted password hashing
Data Encryption
Fernet: bank account encryption at rest
HMAC-SHA256: card number verification
Vault Encryption
AES-256-GCM: client-side vault encryption
RSA-OAEP 4096: key exchange for messaging
Key Derivation
PBKDF2 600K: 600,000 iterations of key stretching
Integrity & Protection
Blockchain: immutable audit trails
Rate limiting: Redis-powered abuse prevention
CSP / HSTS: header security policies
Zero-Knowledge

Zero-knowledge vault

Your data is encrypted on your device before it ever touches our servers. Even we cannot read what you store. Here is how it works, in plain language.

How it protects you

When you set a master password, CiviQ generates encryption keys entirely on your device. Your password never leaves your browser.

Every item you store in the vault is encrypted with AES-256-GCM before it travels to our servers. What we store is indistinguishable from random noise.

When you access your vault, the encrypted data is sent to your device and decrypted locally. At no point can CiviQ staff, attackers, or even a court order reveal your vault contents.

If you lose your master password, your data is gone forever. That is the point. No backdoors, no recovery keys, no exceptions.

Your master password: entered only on your device
PBKDF2 key derivation: 600,000 iterations of stretching
AES-256-GCM key: the derived encryption key
Encrypt on device: data is encrypted before it leaves the browser
Encrypted data sent: only ciphertext reaches our servers
Decrypt on device: only your key can unlock it
End-to-End Encryption

Encrypted messaging

Every message is encrypted with RSA-OAEP and AES-256-GCM. Not even CiviQ can read your conversations.

Sender generates an RSA-OAEP 4096 key pair: the public key is shared, the private key stays on the device
Random AES-256-GCM key for each message: a unique session key per conversation
Message encrypted with the AES key: the content becomes ciphertext
AES key encrypted with the recipient's RSA public key: only the recipient can decrypt the session key
Recipient decrypts the AES key, then the message: full decryption happens only on the recipient's device
Blockchain

Immutable audit trail

Every critical action is anchored on our private blockchain. Once recorded, it cannot be altered, deleted, or disputed.

Document Verification

Upload a document and its cryptographic hash is permanently recorded. Verify its authenticity anytime — any tampering is instantly detectable.

Transaction Anchoring

Key financial events and modifications are anchored with timestamps. Your financial history has a tamper-proof witness.

Privacy Preserved

Only anonymized identifiers and hashes go on-chain. No personal names, amounts, or content. Our blockchain is private, not public.

Chain layout: Genesis -> Block #1 -> Block #2 -> Block #3 -> ... -> Block #N
Our Promise

Privacy commitments

Six non-negotiable promises about how we handle your data.

We never sell your data

Your personal information, financial data, and usage patterns are never sold, shared with advertisers, or monetized in any way.

No AI training without consent

Your data is never used to train AI models unless you explicitly opt in. Your conversations and vault contents remain private.

Export anytime

Download all your data — finances, documents, tasks, journal entries — in standard formats whenever you want. No lock-in.

Delete anytime

Request complete deletion of your account and all associated data. We comply within 90 days, blockchain records excepted.

Impossible vault access

Even under a court order, we cannot decrypt your vault. The encryption keys exist only on your device. This is by design.

Open about our security

We publish our security architecture, encryption methods, and data handling practices. Transparency builds trust.


Your privacy is not a feature. It is our foundation.

Experience the only personal dashboard built from the ground up with zero-knowledge security.