Security & Privacy

Can NestVault see my data?

Last reviewed: July 6, 2026

No. Your vault contents are encrypted on your device — with AES-256-GCM, using a key derived from your vault password — before anything is sent to our servers. What we store is ciphertext: scrambled bytes that are meaningless without your key. Your vault password never leaves your browser, so we never have the key.

This isn’t a policy promise (“we won’t look”) — it’s an architecture (“we can’t look”). Even if our servers were breached, an attacker would get the same unreadable ciphertext we have. Even a NestVault employee with full database access sees noise.

What we can see — the honest inventory

The trade you’re making

The same design that makes your data unreadable to us makes it unrecoverable by us: we cannot reset your vault password. Your recovery code is the safety net. That’s the deal, stated plainly — and the full technical detail is on our security page.

Still stuck? The contact page answers the five most common questions and has our email — a real person reads every message.