Keeplas is not secured as an afterthought. Every layer of the system is designed so that your data remains yours alone -- invisible to us, resilient against breaches, and recoverable only by the people you trust.
Keeplas never sees your data. Your vault contents are encrypted before they leave your device. Our servers store only ciphertext that is meaningless without your keys. Even if our infrastructure were fully compromised, your secrets remain sealed.
All encryption and decryption happens on your device using AES-256-GCM, the same cipher trusted by governments and militaries worldwide. Your keys are derived locally with Argon2id from your 24-word recovery phrase, and per-recipient keys are wrapped with quantum-safe ML-KEM-768 (NIST FIPS 203) -- so nothing sensitive ever travels over the network in the clear, today or in a post-quantum future.
Keeplas uses Shamir Secret Sharing to split your master key into 5 shards distributed among trusted contacts, each shard wrapped with quantum-safe ML-KEM-768 (NIST FIPS 203). A configurable threshold (2-of-5 by default) can reconstruct access on their own devices -- no single person holds the full key, and Keeplas never sees it.
Your encrypted data is not held in one place. Our distributed architecture ensures that no single server, employee, or breach can compromise your vault. Key shards, encrypted blobs, and access policies live in separate trust boundaries, each independently hardened.
A step-by-step look at the encryption flow that keeps your data private from the moment you type to the moment a beneficiary receives it.
During onboarding, Keeplas generates a 24-word recovery phrase on your device for you to write down. It is the root of your encryption -- it never leaves your machine and Keeplas never receives or stores it, not even a hash.
Argon2id, a memory-hard key derivation function, transforms your recovery phrase into a 256-bit Root Key locally. The Root Key in turn wraps the AES-256 master key that encrypts your vault. The memory-hardness makes brute-force attacks impractical, even against leaked data.
Each document, credential, or message is encrypted individually with AES-256-GCM using a unique nonce. Per-recipient keys and recovery shards are additionally wrapped with post-quantum ML-KEM-768, so your data stays sealed even against future quantum attacks. Any tampering is detected on decryption.
Only the ciphertext is transmitted to Keeplas servers over TLS 1.3. We store encrypted blobs without any ability to decrypt them. Metadata is minimized and separated from content.
When a legacy event is triggered, your designated beneficiaries collect their Shamir key shards. Once the threshold is met, the master key is reconstructed client-side on the beneficiary's device and the vault contents are decrypted locally. Keeplas facilitates delivery but never holds decrypted data.
Security claims without evidence are just marketing. We are building toward full, independent verification of every promise we make.
We are preparing for SOC 2 Type II certification to independently validate our security controls, availability, and data handling practices.
Keeplas is open source under the AGPL-3.0 license. Inspect the code, audit the cryptography, and contribute to the platform that protects your data.
Learn more on the Developers page→A responsible disclosure program will reward security researchers who identify vulnerabilities, ensuring continuous improvement through community collaboration.
Our Security Whitepaper covers the complete cryptographic architecture, threat model, key lifecycle management, and infrastructure design in depth. It is written for engineers, auditors, and anyone who needs to verify our claims before trusting us with their data.
articleRead the Security WhitepaperJoin thousands of people who trust Keeplas to protect what matters most. Start securing your digital legacy today with architecture-grade encryption.
Get Started -- It's Free