Security
We build vaults, not data lakes. Your secrets are encrypted at rest.
Zero-Knowledge Architecture
Most health apps are data vacuums. They ingest your biological metrics to sell to insurers or train AI models. Secret Manager is different. We believe that your health data is as sensitive as your financial data.
Encryption at Rest
All sensitive fields (notes, journals, detailed metrics) are encrypted using AES-256-GCM before writing to disk.
No Employee Access
Our support staff cannot read your logs. We do not have a "god mode" to view user data.
Technical Infrastructure
TLS 1.3 & HSTS Enforced
All data in transit is encrypted using TLS 1.3 protocols. We enforce HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle attacks.
Kernel-Level Row Isolation (RLS)
We utilize PostgreSQL''s Row Level Security. Every single database query is filtered by the user''s cryptographic UUID at the database kernel level. Even an accidental bug in our application code cannot leak data across users.
Encrypted Backups
Automated backups are performed every 24 hours. All backup volumes are encrypted at rest using provider-managed keys (KMS) and stored in geographically redundant vaults.
Privacy by Design
Our engineering philosophy is simple: Minimal Data Retainment. We do not track IP addresses, browser fingerprints, or precise locations unless explicitly required for security features (like login notifications).
When you delete your account, we perform a hard delete. Your data is wiped from primary nodes within 60 seconds and purged from encrypted backups within 30 days.
Responsible Disclosure
If you believe you have found a security vulnerability in Secret Manager, please let us know immediately. We offer a bug bounty program for critical issues.
Report a Vulnerability