Your Vault. Your Keys. Your Privacy.

End-to-end client-side encryption powered by AES-GCM. Your master password derives your vault key entirely on your device — it is never transmitted to or stored on our servers.

View Plans See How It Works

AES-GCM Encryption

Industry-standard authenticated encryption. Each entry is encrypted individually in your browser before being stored.

Zero-Knowledge Architecture

Your master password and vault contents are never sent to or stored on our servers in readable form.

Multi-Device Access

Unlock your vault from any registered device. Your encrypted data syncs — your vault key never does.

PBKDF2 Key Derivation

Your vault key is derived from your master password using PBKDF2 with a unique per-account salt.

Product Screenshots

A Clean Interface Built for Your Data

Everything you need — passwords, wallet details, recovery tools, and secure backups — in one polished vault experience.

Vault Grid View
Grid View

Vault Grid View

Browse saved entries in a clean card layout with quick actions for reveal, copy, edit, delete, and restore workflows.

Vault List View
List View

Vault List View

Switch to a compact list layout for faster scanning, filtering, sorting, and managing larger vaults.

Add Secure Entries
Create

Add Secure Entries

Create encrypted password records with generated passwords, notes, site details, and client-side encryption before save.

Edit Vault Records
Edit

Edit Vault Records

Update existing vault entries with polished modal workflows while keeping sensitive fields protected.

Restore Deleted Entries
Recovery

Restore Deleted Entries

Recover soft-deleted vault records when your plan supports deleted-entry recovery.

Random Password Generator
Generator

Random Password Generator

Generate strong XML-safe passwords directly inside the Add/Edit Entry modal, then copy or save them without exposing sensitive values.

Why Password Vault

Privacy You Can Verify

Every design decision prioritizes keeping your sensitive data under your control.

Client-Side Encryption First

Data is encrypted in your browser before it ever leaves your device. The server only stores ciphertext.

Master Password Stays Local

Your master password is used only to derive your vault key on-device. It is never transmitted or stored server-side.

One Vault, Multiple Categories

Store passwords, payment cards, and more in a single encrypted vault with distinct module views.

Device-Aware Access

Register your devices explicitly. Each device goes through a secure unlock process before accessing vault data.

Trusted Contact Workflow Coming Soon

Designate trusted contacts with a controlled legacy access process — not automatic, not instant. Planned for a future release.

Clean, Focused Interface

A purpose-built vault interface — search, filter, and manage your entries with minimal friction.

Backup Options You Control

Export or print decrypted vault information when you need a physical backup stored somewhere secure.

Recovery Without Clutter

Deleted entries can be reviewed and restored, helping you recover important vault data when needed.

Vault Modules

Every Category of Sensitive Data, Covered

Password Vault is structured into purpose-built modules — each encrypted the same way, each focused on a distinct data type.

Password Vault

Credentials & Logins

Store and retrieve login credentials, URLs, usernames, passwords, and secure notes. Each entry is encrypted client-side before storage — only you can read it.

  • Username, password, and URL fields
  • Secure notes per entry
  • Search and filter across all entries
  • Export to CSV, Excel, or PDF (client-side only)
  • Soft-delete with entry recovery

Vault Wallet

Payment Cards & Financial

Securely store payment card details, bank information, and financial notes — encrypted at the entry level the same way as your passwords.

  • Credit and debit card storage
  • Card number, expiry, cardholder name, and secure financial notes
  • Bank account and routing details
  • Per-entry AES-GCM encryption
  • One master password unlocks all modules

Vault Legacy Coming Soon

Trusted Access Planning — Available in a future update

Designate trusted contacts and set an inactivity timeframe. If you remain inactive beyond that period, your contacts can initiate a structured legacy access process — controlled and step-by-step, not automatic.

  • Designate one or more trusted contacts
  • Configure an inactivity timeframe
  • Controlled, step-by-step legacy access workflow
  • Access is initiated by a contact, not granted automatically
Vault Legacy is designed to support trusted access planning, but it is not a substitute for legal estate planning documents.

Getting Started

Up and Running in Minutes

Your vault is ready as soon as you set your master password. No complex setup required.

1

Choose a Plan

Select the plan that fits your needs — including a free option to get started with no credit card required.

2

Set Your Master Password

Create a strong master password. It stays on your device and is used to derive your vault encryption key.

3

Add Your Entries

Start adding passwords, cards, and notes. Each entry is encrypted in your browser before being saved.

4

Access from Any Device

Register additional devices and unlock your vault wherever you are — your encrypted data follows, your key does not.

How the Encryption Works

When you create or unlock your vault, your browser derives a Vault Encryption Key (VEK) from your master password using PBKDF2 with a unique per-account salt retrieved from the server. That key never leaves your browser session. Every vault entry is encrypted with AES-GCM before being sent to the server — and decrypted with the same key only after retrieval, entirely on your device. Our servers store only ciphertext.

AES-GCM PBKDF2 key derivation Per-account salt VEK never transmitted Server stores ciphertext only

Plans & Pricing

Simple, Transparent Pricing

Start free, upgrade when you need more. No hidden fees.

Free
Free
No credit card required
5 entries included
1 device included
Extra devices Limited to 1 device total
1
Total Free
  • Invisible Copy
  • One-Click Link To Login
  • End-to-End Encryption
  • Advanced Views
  • Random Password Generator
  • Vault Wallet
  • Custom Exports
  • Document Upload
  • Vault Legacy
  • Priority Support
Most Popular
Premium
$2.99 $2.99
per month
Unlimited entries
2 devices included
Extra devices $0.49 / device / period
0
Total $2.99 $2.99 / month
  • Invisible Copy
  • One-Click Link To Login
  • End-to-End Encryption
  • Advanced Views
  • Random Password Generator
  • Vault Wallet
  • Custom Exports
  • Document Upload
  • Vault Legacy
  • Priority Support
Ultimate
$4.99 $4.99
per month
Unlimited entries
3 devices included
Extra devices $0.49 / device / period
0
Total $4.99 $4.99 / month
  • Invisible Copy
  • One-Click Link To Login
  • End-to-End Encryption
  • Advanced Views
  • Random Password Generator
  • Vault Wallet
  • Custom Exports
  • Document Upload
  • Vault Legacy
  • Priority Support
Encrypted in your browser Master password stays on your device AES-GCM in your browser Multi-device

Common Questions

Frequently Asked Questions

When you unlock your vault, your browser derives a Vault Encryption Key (VEK) from your master password using PBKDF2 and a unique per-account salt. That key is held only in your browser session. Every entry is encrypted with AES-GCM before being sent to the server, and decrypted locally after retrieval. The server never sees your plaintext data or your master password.

No. Encryption happens in your browser before any data is transmitted. What reaches the server is always ciphertext. Your master password is never sent — it is used only on-device to derive the vault encryption key.

Because your master password is never stored or transmitted, it cannot be recovered by us. If you forget it, your encrypted vault data cannot be decrypted. This is a deliberate consequence of the zero-knowledge design — please store your master password somewhere safe.

Yes. Paid plans include multiple registered devices. Each device goes through a secure registration and unlock process. Your encrypted vault data is synced to all your devices — your vault key is derived locally on each one from your master password.

Vault Legacy is coming in a future release. It is being designed to let you designate a trusted contact and set an inactivity timeframe. If you remain inactive beyond that period, your designated contact can initiate a structured legacy access process — a controlled, step-by-step workflow, not automatic or immediate access. Vault Legacy is intended to support trusted access planning, but it is not a substitute for legal estate planning documents.

Yes. You can export your vault entries to CSV, Excel, or PDF. Exports are generated client-side from your decrypted data after you have unlocked your vault. Because exports may contain plaintext passwords and sensitive information, store any exported files securely and delete them when no longer needed.

Yes. You can manage or cancel your subscription at any time from your account settings. Your vault data remains accessible for the remainder of your paid period.

Ready to Secure Your Vault?

Start free today. Your data stays yours — encrypted, private, and accessible only to you.

Get Started Free