Zero-Knowledge —
we can't read your data even if we wanted to

Every piece of data — passwords, notes, files, item titles, folder names — is encrypted using the Web Crypto API before any network request leaves your browser. What gets sent to our servers is ciphertext that looks like random bytes with no structure an attacker or employee could exploit.

The server receives and stores encrypted blobs indexed by item ID. It has no knowledge of what any blob contains — whether it's a password, a file, or a note. A full database dump would reveal nothing about any user's vault contents, only the encrypted ciphertext.

Pivlu employees have no mechanism to view your vault contents. There is no admin panel with a "decrypt" button. There is no master decryption key. Support staff can help with account access issues but cannot read your passwords or files under any circumstances.

If Pivlu's database were breached tomorrow, the attacker would obtain only encrypted ciphertext with no way to decrypt it — they don't have your master password, and they cannot derive your encryption key from anything stored server-side. Your vault remains secure even after a breach.

Vault uses a three-level key hierarchy: (1) Master password → PBKDF2 → master key; (2) Master key decrypts a symmetric key stored server-side; (3) Symmetric key decrypts per-vault AES-256-GCM keys. Each vault item is encrypted with its vault's specific key.

PBKDF2 derives 512 bits from your master password. The first 256 bits are your encryption key — used only in the browser, never transmitted. The second 256 bits are your auth key — hashed with SHA-256 and sent to the server for login verification. The server only stores the auth key hash.

When you share a vault, the vault's AES key is encrypted with the recipient's RSA-4096 public key. Only their private key (derived from their master password, stored only in their browser) can decrypt it. Sharing requires no server-side decryption and no plaintext key transmission.