Store the documents that matter — from a freelancer's client contracts to a company's tax and compliance records — encrypted in your browser before they ever reach us. Pay once. No email. No subscription.
Every file is encrypted with AES-GCM-256 on your device before upload. We only ever store ciphertext — so whether it's a passport scan or a signed client contract, we can't read it, and neither can anyone who breaches us.
Sign in with a 16-digit recovery key, not an account we can lock, leak, or reset. We never ask who you are and can't identify you to anyone — the same model used by Bitwarden, Mullvad, and Proton.
Google Drive deletes after two years of inactivity; Dropbox closes dormant accounts. Vault never does. Pay once and your records stay put — backed by a published 5-year operating guarantee and a one-click export if we ever wind down.
The same encryption, the same commitment, whether you're archiving your own records or your organization's.
Keep client contracts, invoices, and tax records in one encrypted place you own — no subscription eating into your margin.
A compliant, long-term home for agreements, HR files, and financial records — that won't delete anything because someone stopped logging in.
Browser-side encryption, GDPR-aligned and German-operated, with a published operating guarantee and export commitment for your retention obligations.
How it works
What happens between clicking Buy and handing a key to your accountant — and why we never learn who either of you are.
Pay once with Stripe. We show your 16-digit recovery key exactly once — it's the only way into your vault, and we never ask for an email.
Every file is encrypted with AES-GCM-256 on your device. Only ciphertext ever crosses the wire — we couldn't read your documents if we tried.
Add a recovery key for each person who needs the vault, label it, and revoke it any time. No invites, no accounts, no email addresses — every key unlocks the same vault.
A document moves from your browser to our servers — but only the encrypted version ever reaches us.
Your file is encrypted with AES-GCM-256 in your browser before it leaves. The server only ever sees ciphertext — we never hold the key.
Most "encrypted" cloud storage products encrypt your files after they're uploaded — meaning the company holds the keys and could technically decrypt your files if compelled.
We don't hold the keys. Every file gets its own random AES-GCM-256 key, generated in your browser. Those file keys are protected by a vault key that only your recovery key can unlock — derived inside your browser with PBKDF2-SHA256 at 600,000 iterations (the OWASP-recommended minimum). Nothing that could decrypt your files ever leaves your device. The server stores ciphertext and wrapped (encrypted) keys only.
If a court orders us to decrypt your files, we mathematically cannot comply — we don't have what we'd need to. This is the same model used by Bitwarden, Mullvad, and Proton.
Most cloud storage is a subscription that deletes your files if you stop logging in. We built the opposite.
| Vault | Google Drive | Dropbox | iCloud | |
|---|---|---|---|---|
| Pay once, no subscription | Yes | Subscription | Subscription | Subscription |
| Files kept even if you go inactive | Yes | Deleted after 2 yrs | Deleted after inactivity | Tied to active account |
| Encrypted in your browser before upload | Yes | No | No | No |
| No email or name required to sign up | Yes | Required | Required | Required |
| Provider can't read your file contents | Yes | Can access | Can access | Can access* |
| Published shutdown & data-export commitment | Yes | No | No | No |
Comparisons reflect each provider's standard consumer plans and publicly stated policies as of mid-2026. Google may delete personal accounts inactive for 2 years; Dropbox closes and deletes inactive accounts after notice. *Apple offers Advanced Data Protection as an opt-in for some iCloud categories, but it's off by default and excludes several data types. Policies change — verify current terms with each provider.
A one-time fee for a long-term home for your contracts, records, and sensitive documents. No renewals, no seat counts, no provider who can read your files.
We use Stripe to handle payments. Stripe collects your card details and email for their own records; we never see either. After payment, you land directly on our domain to receive your recovery key — it never appears in any email. Additional checkout options may follow once we've validated this one.