FAQ

Security

Can Keeplas employees read my vault?

No. The server only ever sees ciphertext. Items are encrypted on your device with AES-256-GCM, keys are derived from your 24-word phrase via Argon2id, and the phrase never leaves your device. Even a full breach of our infrastructure would expose only encrypted blobs.

Is the encryption quantum-safe?

The symmetric layer (AES-256-GCM) is widely considered quantum-resistant at the chosen key size. The asymmetric layer — used to wrap per-item keys and Social Recovery shards — uses ML-KEM-768 (NIST FIPS 203), a post-quantum key encapsulation mechanism. The Keeplas threat model assumes a future attacker with access to a cryptographically relevant quantum computer.

What is the 24-word recovery phrase exactly?

It's a BIP39 mnemonic encoding 256 bits of entropy. Your master key is derived from it via Argon2id with parameters tuned to balance security and on-device cost. The phrase never touches the network.

Recovery and continuity

What happens if I lose my recovery phrase?

You can still recover via Social Recovery if you set it up. A quorum of your trusted contacts (2-of-5 by default) can rebuild your master key on a new device. Without either the phrase or a Social Recovery quorum, the vault is unrecoverable — see Account Recovery.

How does Life Check decide I'm gone?

It doesn't decide unilaterally. After your inactivity window closes, Keeplas notifies your trusted contacts; they confirm — not assume — that you are unreachable. A 72-hour grace then begins, during which you can abort the release from any signed-in device.

Can my family open my vault while I'm alive?

Only with your explicit cooperation. They cannot read your vault directly. They can participate in a Social Recovery flow that you (or Life Check) initiated, but below the threshold their shards reveal nothing.

Operating model

What happens if Keeplas shuts down?

You can export an encrypted backup at any time from Settings → Export. The format is documented and decryptable with any compatible client, including our open-source CLI. Because the project is AGPL-3.0, you (or anyone) can also run the code yourself — see Self-Hosting.

Can I use Keeplas offline?

The hosted app needs a connection to sync. A self-hosted instance can run fully offline on a local network. Per-device unlock (PIN, biometric, or passkey) works offline once you've synced at least once.

Where is the data stored?

The hosted plan stores ciphertext on Convex Cloud (with replicated regions). Self-hosted deployments run wherever you put them — Convex self-hosted, your own server, or a hybrid. Either way, the data is encrypted on your device first.

Open source

Is Keeplas open source?

Yes. The core is published under AGPL-3.0. The repository is public, and the cryptographic primitives in packages/crypto are gated by CODEOWNERS for extra review.

Can I contribute?

Yes — see Contributing for the workflow. Bug fixes, documentation, translations, and accessibility improvements are especially welcome.

Can I audit the cryptographic protocol?

Yes. The architecture is documented in Architecture, and the implementation lives in packages/crypto. We welcome formal review and reports of any concerns at security@keeplas.com.

editEdit this page on GitHub