Your documents. Encrypted before they leave your browser.

A document vault you pay once for. No subscriptions. No email collection. AES-GCM-256 encryption that means we genuinely can't read your files.

See pricing How it works
πŸ”’

Your file contents, encrypted end-to-end

File contents are encrypted in your browser with AES-GCM-256 before upload. Your encryption key is derived from your recovery key β€” we never see it, never store it. Filenames and tags stay readable so search works (we're upfront about that below).

βˆ…

No email. No name. No tracking.

Authentication is a 16-digit recovery key, Mullvad style. We don't ask for your email at signup. We don't track you. We can't identify you to anyone.

5y

5 years guaranteed, honest about it

We promise at least 5 years of storage from purchase, and our intent is to keep going at no additional cost to existing customers beyond that. If we ever wind down, you get 90 days notice and a one-click export. No "lifetime" claims we can't back up.

How it works

Three steps. No surprises.

From purchase to encrypted upload in under five minutes.

01

Buy and get your recovery key

Pay $29, $59, or $99 once. After purchase we show you a 16-digit recovery key β€” exactly once. Save it in a password manager.

02

Sign in and upload

Enter your recovery key to unlock the vault. Drag in PDFs and text files. Your browser encrypts them locally before sending β€” we only ever see ciphertext.

03

Find what you need, when you need it

Tag, search, set review reminders. Download decrypts files in your browser. Export all your files anytime with a one-click zip.

See it work

Watch what happens to your file.

A document moves from your browser to our servers β€” but only the encrypted version ever reaches us.

Encryption happens in your browser A document leaves your browser, scrambles into ciphertext at the encryption boundary, then arrives encrypted at the server. Your browser Where encryption happens AES-GCM-256 Encryption boundary Cloudflare R2 Ciphertext only

Your file is encrypted with AES-GCM-256 in your browser before it leaves. The server only ever sees ciphertext β€” we never hold the key.

Encryption

Math, not policy.

Most "encrypted" cloud storage products encrypt your files after they're uploaded β€” meaning the company holds the keys and could technically decrypt your files if compelled.

We don't hold the keys. Your AES-GCM-256 encryption key is derived from your recovery key inside your browser, using PBKDF2-SHA256 with 600,000 iterations (the OWASP-recommended minimum). The derived key never leaves your device. The server stores ciphertext only.

If a court orders us to decrypt your files, we mathematically cannot comply β€” we don't have what we'd need to. This is the same model used by Bitwarden, Mullvad, and Proton.

Cipher
AES-GCM-256 (authenticated)
Key derivation
PBKDF2-SHA256 / 600,000 iterations
Initialization vector
Random 12 bytes per file
Browser API
Native Web Crypto (subtle.encrypt)
What's encrypted
File contents
What's plaintext
Filenames, tags, notes (for search)
Why we're different

The things the big players won't promise.

Most cloud storage is a subscription that deletes your files if you stop logging in. We built the opposite.

Vault Google Drive Dropbox iCloud
Pay once, no subscription Yes Subscription Subscription Subscription
Files kept even if you go inactive Yes Deleted after 2 yrs Deleted after inactivity Tied to active account
Encrypted in your browser before upload Yes No No No
No email or name required to sign up Yes Required Required Required
Provider can't read your file contents Yes Can access Can access Can access*
Published shutdown & data-export commitment Yes No No No

Comparisons reflect each provider's standard consumer plans and publicly stated policies as of mid-2026. Google may delete personal accounts inactive for 2 years; Dropbox closes and deletes inactive accounts after notice. *Apple offers Advanced Data Protection as an opt-in for some iCloud categories, but it's off by default and excludes several data types. Policies change β€” verify current terms with each provider.

Pricing

Pay once. Use it for five years.

No subscriptions. No tier upgrades pestering you. Buy what you need, that's it.

Starter
For your personal tax records, contracts, and receipts.
$29
One-time payment Β· 5-year guarantee
  • 5 GB encrypted storage
  • PDF and text files
  • Tags, search, review reminders
  • One-click export
  • Lifetime in-app access while service runs
Family
For households with shared and private spaces.
$99
One-time payment Β· 5-year guarantee
  • 50 GB encrypted storage
  • Up to 5 recovery keys (coming v2)
  • Everything in Pro
  • Lifetime in-app access while service runs

About checkout

We use Stripe to handle payments. Stripe collects your card details and email for their own records; we never see either. After payment, you land directly on our domain to receive your recovery key β€” it never appears in any email. Additional checkout options may follow once we've validated this one.

Common questions

What you might be wondering.

What happens if I lose my recovery key?
Your files become mathematically unrecoverable. We can't reset the key, we can't decrypt the files, we can't email you a backup β€” we never had the key in the first place. This is the trade-off for genuine end-to-end encryption. Save your recovery key in a password manager, write it down, or both.
Why only PDFs and text files?
Document archives are the use case we're building for. Constraining the file types lets us guarantee meaningful storage at honest prices. Photos, videos, and arbitrary blobs are a different product (and a more expensive one to operate).
What does "5 years guaranteed" actually mean?
We commit to operating the service for at least 5 years from your purchase date. Beyond that, our intent is to keep the service running for existing customers at no additional cost for as long as it remains viable β€” we phrase that as intent rather than a binding promise because we'd rather under-commit on something five-plus years out than over-promise and disappoint. If we ever do need to wind down, you get at least 90 days advance notice and a one-click export tool. See our Shutdown Policy for the precise commitment.
Where is my data stored?
File contents (encrypted ciphertext only) live in Cloudflare R2 object storage. Metadata (filenames, tags, notes β€” all plaintext for search) lives in a Postgres database hosted by Neon. Both providers have detailed security and privacy postures published. Our Privacy Policy describes the full data flow.
Why no email at signup?
Because we don't need one, and what we don't collect can't leak, can't be subpoenaed, and can't be sold. Your purchase email exists at Stripe for their receipts and dispute handling β€” Stripe is a regulated payment processor that must collect it. We don't have access to it.
Can I move my data out if I want to leave?
Yes. The "Export all" button in the dashboard produces a zip of your encrypted files plus a manifest listing the IVs. You can re-import them into another Vault instance, or decrypt them offline with your recovery key using a small companion tool we publish.
Refund policy?
7-day refund window if the product genuinely doesn't fit your use case or doesn't work for you. After that we treat purchases as final, in keeping with the one-time-payment model. Email support with your purchase reference.