Your vault is encrypted on your device before it ever leaves it. The keys are yours alone — StowPass is built so that even we can't read your data.
AES-256-GCM, sealed on your device. Sync only ever carries ciphertext — no plaintext ever reaches our servers.
Passkeys and WebAuthn replace the shared secret. Nothing to phish, nothing to reuse, nothing to leak in a breach.
Our cryptography is open source and reviewed by third-party security firms. Standards, not black boxes.
Zero-knowledge isn't a slogan — it's an architecture. Because your keys stay with you, whole categories of data are simply out of our reach.