Account Recovery
If you lose access to your account, the recovery path depends on what you still have. Keeplas's zero-knowledge design means the server cannot recover your vault for you — but it's also why the design holds up under attack.
Decision tree
- You have your 24-word recovery phrase → Restore on a new device
- You have a Social Recovery quorum → Initiate Social Recovery
- You have neither → What Keeplas cannot do
Restore on a new device
This is the simplest path and the one we recommend if your phrase is intact.
- Sign in to Keeplas on a clean device with your email or WhatsApp OTP.
- Choose Restore from recovery phrase.
- Enter your 24-word phrase. Keeplas re-derives your master key on this device via Argon2id and re-unlocks your vault.
- Re-establish per-device unlock (PIN, biometric, or passkey).
Your recovery phrase is the seed for everything. Keep it on paper, in a safe place. Do not photograph it, do not store it in a password manager that you cannot fully verify, and do not transcribe it into any cloud service.
Initiate Social Recovery
If your phrase is lost but your trusted contacts are reachable, Social Recovery is the path.
- Your trusted contacts are notified (in-app, WhatsApp, and email) and each is asked to confirm they cannot reach you.
- Once a quorum confirms unreachability (2 contacts by default), a 72-hour grace window opens. During grace, you can cancel from any signed-in device — a single "I'm alive" tap resets the whole request. This human gate is why recovery can never be triggered silently.
- After the grace window expires, contacts pool their shards. Each contact cross-wraps their share to the others with ML-KEM-768, so any one of them can gather your threshold's worth of shares and reconstruct your master key on their own device — never on the server.
- With your master key reconstructed, your vault can be unlocked on a trusted device.
Recovery is therefore not instant: a quorum has to confirm, a 72-hour grace window has to elapse, and your contacts have lives too. At threshold 2 (the default) recovery survives one unreachable contact; at threshold 3 all three contact shards must be available, so allow days, not minutes.
Assist a contact's recovery
If a trusted contact is recovering their own vault and you hold one of their shards, you'll receive a notification over WhatsApp and email. Open the request, verify the contact through whatever channel you trust (a phone call works), and authorize from your device.
You will never see their phrase, their master key, or the contents of their vault. You authorize your shard; the math does the rest on their device.
What Keeplas cannot do
Without your recovery phrase or a Social Recovery quorum, Keeplas cannot restore your vault. This is intentional and load-bearing:
- The server only ever holds ciphertext.
- The server has never seen your phrase, your master key, or a single plaintext key.
- A recovery backdoor that worked for "you, the legitimate user" would also work for an attacker who claims to be you.
This is the trade-off behind zero-knowledge. The best protection against this scenario is to set up Social Recovery before you need it — three trustworthy contacts at the default threshold of 2 is a strong baseline. Re-verify the setup once a year.
If you return after an emergency release
If a Life Check release already fired — your contacts reconstructed the master key and your vault was handed off — and you then come back, that key must be treated as exposed. When you sign back in, Keeplas runs a key rotation:
- A fresh master key and a new owner key pair are generated on your device.
- Every item in your vault is re-encrypted under the new keys, and access for each recipient is re-wrapped to them.
- The old key material is retired once every item has migrated.
The rotation is crash-safe: at every step, unlocking with your 24-word phrase can still read every item, so an interruption never locks you out. After it completes, anything you change is sealed under keys the prior release never saw. You'll then want to re-distribute fresh shards to your trusted contacts so future recovery uses the new key.