Your documents. Encrypted before they leave your browser.

Store the documents that matter — from a freelancer's client contracts to a company's tax and compliance records — encrypted in your browser before they ever reach us. Pay once. No email. No subscription.

See plans & pricing How it works
🔒

Encrypted before it leaves your browser

Every file is encrypted with AES-GCM-256 on your device before upload. We only ever store ciphertext — so whether it's a passport scan or a signed client contract, we can't read it, and neither can anyone who breaches us.

No email. No password. No tracking.

Sign in with a 16-digit recovery key, not an account we can lock, leak, or reset. We never ask who you are and can't identify you to anyone — the same model used by Bitwarden, Mullvad, and Proton.

5y

Kept for years — never deleted for going quiet

Google Drive deletes after two years of inactivity; Dropbox closes dormant accounts. Vault never does. Pay once and your records stay put — backed by a published 5-year operating guarantee and a one-click export if we ever wind down.

Who it's for

One vault, whether it's your paperwork or the company's.

The same encryption, the same commitment, whether you're archiving your own records or your organization's.

For freelancers & independent professionals

Keep client contracts, invoices, and tax records in one encrypted place you own — no subscription eating into your margin.

For growing companies

A compliant, long-term home for agreements, HR files, and financial records — that won't delete anything because someone stopped logging in.

For enterprises & regulated teams

Browser-side encryption, GDPR-aligned and German-operated, with a published operating guarantee and export commitment for your retention obligations.

How it works

Three pictures. No fine print.

What happens between clicking Buy and handing a key to your accountant — and why we never learn who either of you are.

1

Buy once. Get your recovery key.

Pay once with Stripe. We show your 16-digit recovery key exactly once — it's the only way into your vault, and we never ask for an email.

Checkout Vault — Team $59 One-time payment Pay once No email required Your recovery key 7312 0948 5521 8804 Shown once — save it Only you hold it Your vault
2

Encrypted before it leaves your browser

Every file is encrypted with AES-GCM-256 on your device. Only ciphertext ever crosses the wire — we couldn't read your documents if we tried.

report.pdf contract.docx notes.txt Your files AES-GCM-256 Encrypted in your browser encryption boundary 9f 3a c1 e7 0d b8 44 f2 Our servers — ciphertext only
3

Share access with keys, not emails

Add a recovery key for each person who needs the vault, label it, and revoke it any time. No invites, no accounts, no email addresses — every key unlocks the same vault.

Access keys Team plan · 3 of 5 You •••• •••• •••• 8804 Owner Accountant •••• •••• •••• 2291 Co-founder •••• •••• •••• 6137 + Add key Many keys. One vault. No emails. No accounts. Contractor Revoked Revoke a key any time — access ends immediately
See it work

Watch what happens to your file.

A document moves from your browser to our servers — but only the encrypted version ever reaches us.

Encryption happens in your browser A document leaves your browser, scrambles into ciphertext at the encryption boundary, then arrives encrypted at the server. Your browser Where encryption happens AES-GCM-256 Encryption boundary Cloudflare R2 Ciphertext only

Your file is encrypted with AES-GCM-256 in your browser before it leaves. The server only ever sees ciphertext — we never hold the key.

Encryption

Math, not policy.

Most "encrypted" cloud storage products encrypt your files after they're uploaded — meaning the company holds the keys and could technically decrypt your files if compelled.

We don't hold the keys. Every file gets its own random AES-GCM-256 key, generated in your browser. Those file keys are protected by a vault key that only your recovery key can unlock — derived inside your browser with PBKDF2-SHA256 at 600,000 iterations (the OWASP-recommended minimum). Nothing that could decrypt your files ever leaves your device. The server stores ciphertext and wrapped (encrypted) keys only.

If a court orders us to decrypt your files, we mathematically cannot comply — we don't have what we'd need to. This is the same model used by Bitwarden, Mullvad, and Proton.

Cipher
AES-GCM-256 (authenticated)
File keys
Random per-file key, wrapped by your vault key
Key derivation
PBKDF2-SHA256 / 600,000 iterations
Initialization vector
Random 12 bytes per file
Browser API
Native Web Crypto (subtle.encrypt)
What's encrypted
File contents
What's plaintext
Filenames, tags, notes (for search)
Why we're different

The things the big players won't promise.

Most cloud storage is a subscription that deletes your files if you stop logging in. We built the opposite.

Vault Google Drive Dropbox iCloud
Pay once, no subscription Yes Subscription Subscription Subscription
Files kept even if you go inactive Yes Deleted after 2 yrs Deleted after inactivity Tied to active account
Encrypted in your browser before upload Yes No No No
No email or name required to sign up Yes Required Required Required
Provider can't read your file contents Yes Can access Can access Can access*
Published shutdown & data-export commitment Yes No No No

Comparisons reflect each provider's standard consumer plans and publicly stated policies as of mid-2026. Google may delete personal accounts inactive for 2 years; Dropbox closes and deletes inactive accounts after notice. *Apple offers Advanced Data Protection as an opt-in for some iCloud categories, but it's off by default and excludes several data types. Policies change — verify current terms with each provider.

Pricing

Pay once. Keep it for five years — guaranteed.

A one-time fee for a long-term home for your contracts, records, and sensitive documents. No renewals, no seat counts, no provider who can read your files.

Solo
For independent professionals safeguarding client contracts, invoices, and tax records.
$29
One-time payment · 5-year guarantee
  • 5 GB encrypted storage
  • Browser-side AES-GCM-256 encryption
  • Recovery-key login — no email required
  • No deletion for inactivity
  • One-click export, anytime
  • Single-user vault today — team access on the roadmap
Team
For small teams and practices archiving shared agreements, HR files, and legal correspondence.
$59
One-time payment · 5-year guarantee
  • 10 GB encrypted storage
  • Browser-side AES-GCM-256 encryption
  • Recovery-key login — no email required
  • No deletion for inactivity
  • One-click export, anytime
  • Single-user vault today — team access on the roadmap
Enterprise
For compliance-heavy organizations with larger archives and strict data-handling needs.
$199
One-time payment · 5-year guarantee
  • 100 GB encrypted storage
  • Browser-side AES-GCM-256 encryption
  • Recovery-key login — no email required
  • No deletion for inactivity
  • GDPR-aligned, published shutdown & export commitment
  • Single-user vault today — team access on the roadmap

About checkout

We use Stripe to handle payments. Stripe collects your card details and email for their own records; we never see either. After payment, you land directly on our domain to receive your recovery key — it never appears in any email. Additional checkout options may follow once we've validated this one.

Common questions

What you might be wondering.

What happens if I lose my recovery key?
Your files become mathematically unrecoverable. We can't reset the key, we can't decrypt the files, we can't email you a backup — we never had the key in the first place. This is the trade-off for genuine end-to-end encryption. Save your recovery key in a password manager, write it down, or both.
Which file types can I upload?
Documents and text: PDF, Word (.docx, .doc), OpenDocument (.odt), RTF, plain text, Markdown, CSV, JSON, XML, and logs. Document archives are the use case we're building for — constraining the file types lets us guarantee meaningful storage at honest prices. Photos, videos, and arbitrary blobs are a different product (and a more expensive one to operate).
What does "5 years guaranteed" actually mean?
We commit to operating the service for at least 5 years from your purchase date. Beyond that, our intent is to keep the service running for existing customers at no additional cost for as long as it remains viable — we phrase that as intent rather than a binding promise because we'd rather under-commit on something five-plus years out than over-promise and disappoint. If we ever do need to wind down, you get at least 90 days advance notice and a one-click export tool. See our Shutdown Policy for the precise commitment.
Where is my data stored?
File contents (encrypted ciphertext only) live in Cloudflare R2 object storage. Metadata (filenames, tags, notes — all plaintext for search) lives in a Postgres database hosted by Neon. Both providers have detailed security and privacy postures published. Our Privacy Policy describes the full data flow.
Why no email at signup?
Because we don't need one, and what we don't collect can't leak, can't be subpoenaed, and can't be sold. Your purchase email exists at Stripe for their receipts and dispute handling — Stripe is a regulated payment processor that must collect it. We don't have access to it.
Can I move my data out if I want to leave?
Yes. The "Export all" button in the dashboard produces a zip of your encrypted files plus a manifest listing the IVs. You can re-import them into another Vault instance, or decrypt them offline with your recovery key using a small companion tool we publish.
Refund policy?
7-day refund window if the product genuinely doesn't fit your use case or doesn't work for you. After that we treat purchases as final, in keeping with the one-time-payment model. Email support with your purchase reference.