How your memories are protected.
Our security principles: strong authentication, strict permissions, enforced unlocks, and encrypted storage.
You control who gets in.
Sign in with email magic links, Sign in with Apple, or Sign in with Google. Sessions are short-lived and revoked when you sign out. We never see or store your social passwords.
The server decides who can see what.
Every vault read and write is checked on the server. Roles are explicit: owner, contributor, viewer, future recipient. There is no way to bypass permission checks by editing a URL or request. The server decides, always.
Time-locked until you say so.
Locked memories enforce their unlock rule on the server. Until the rule is satisfied, the future recipient cannot read the metadata or the media. Owners can always preview and manage what they've added.
Your files are encrypted and private.
Files are uploaded directly from your device to private encrypted storage. Storage contents are not publicly listable. File identifiers never include names, ages, or any identifying information.
Encrypted in transit and at rest.
All traffic is HTTPS only. Your media is encrypted when stored. Your metadata is encrypted at rest and in transit between regions.
We log actions, not content.
Vault creation, invitations, role changes, and media uploads are written to an audit log so we can investigate abuse or incidents without ever reading your content.