Security

Security you can verify.

We don't ask you to trust us. We built Traccer so you don't have to. Your vault is encrypted on your device with keys only you control.

Architecture

No servers means no targets.

Traditional password managers store your encrypted vault on their servers. Even though it's encrypted, it's still a target. A breach exposes encrypted data. A shutdown loses your access. A subpoena could compel them to hand it over.

Traccer has no central vault servers. Your vault exists only on your devices. Sync happens directly between them using peer-to-peer technology. There's no corporate database with millions of users' encrypted vaults.

Traditional Password Manager: Your Device → Company Server → Their Database → Your Other Device
Traccer: Your Device ↔ Your Other Device

Zero-Knowledge

We can never see your data.

"Zero-knowledge" is an overused marketing term. Here's what it actually means for Traccer.

Encryption happens on your device

Before your vault data ever leaves your device, it's encrypted with keys derived from your master password. We never see the plaintext.

We don't have your keys

Your master key is derived from your password using Argon2id — a memory-hard algorithm that makes brute-force attacks impractical. That derivation happens on your device. We never see your password or the resulting key.

There's no backdoor

We didn't build a recovery mechanism that lets us decrypt your vault. If you lose your password and recovery key, your vault is gone. That's the tradeoff for real security.

The math is verifiable

We use standard, audited algorithms — AES-256-GCM, Ed25519, Argon2id, Shamir's Secret Sharing. Not proprietary "military-grade" anything. Real cryptography that experts can verify.

Cryptography

The algorithms we use.

Purpose | Algorithm | Why
Password to key | Argon2id | Memory-hard KDF, resistant to GPU attacks
Vault encryption | AES-256-GCM | Authenticated encryption, industry standard
Digital signatures | Ed25519 | Fast, secure signatures for sync and Pulse
Key splitting | Shamir's Secret Sharing | Distribute recovery across guardians
Recovery phrase | BIP39 | Standard for human-readable backup phrases

Libraries

We build on audited, open-source libraries: @noble/hashes, @noble/ciphers, @noble/ed25519, @scure/bip39. The same libraries used by MetaMask, Ethers.js, and major DeFi protocols. Audited by Trail of Bits and Cure53.

Transparency

What lives where.

We believe in complete transparency. Here's exactly what stays on your devices and what touches our services — and why they're architecturally separate systems that cannot access each other.

100% Local (Your Devices)
P2P sync only — never transmitted to us
  • Your encrypted vault data
  • All passwords, seed phrases, documents, memories
  • Your master password and derived encryption keys
  • Vault decryption (happens only on-device)
  • P2P sync between your devices
  • Guardian shards (distributed directly to guardians)
Minimal Server Services
Metadata only — cannot access vault contents
  • Email/SMS notifications (Pulse reminders, guardian alerts)
  • Account & billing (subscription status via Stripe)
  • Account status checks (verify subscription is active)
  • Push notification delivery (APNs, FCM)
  • Optional Pulse batching (for TNK network)

Architecturally separate: Our notification relay and billing services are completely isolated systems. They have no access to vault data because they don't have the endpoints, APIs, or encryption keys to request or decrypt it. The relay service only knows "send an email to this address" — not what's in your vault. These systems cannot intermingle by design.

Our capabilities (and limitations).

We CAN:

  • Help you recover access with your recovery key
  • Provide software updates
  • Send notification emails (Pulse reminders, guardian alerts)
  • Process subscription payments
  • Verify your subscription is active
  • Shut down (and you keep your vault)

We CANNOT:

  • Recover your vault without your password/recovery key
  • See your vault contents — ever
  • Decrypt your data under any circumstances
  • Read data passing through P2P relay nodes
  • Access your vault even with a subpoena
  • Reset your password (you control the keys)

P2P Technology

How peer-to-peer sync works.

Your devices find and sync with each other using distributed hash table (DHT) technology — the same approach used by BitTorrent and other decentralized systems.

Discovery without a directory

Your devices announce themselves to a distributed network of nodes. No single server knows where all devices are.

Direct connection

Once your devices find each other, they connect directly. Data transfers between them, not through us.

NAT traversal & relays

When direct connection isn't possible (~30-40% of cases), encrypted packets route through relay nodes — but they only see encrypted data, not content.

Traccer's P2P infrastructure leverages Holepunch's technology, built on the TRAC Network — powering decentralized applications without central servers. Pulse check-ins are recorded on-chain for immutable proof of life.

Roadmap

What's coming.

Planned

Third-Party Audit

Independent security audit by a recognized firm. Budget allocated.

Post-Launch

Security Whitepaper

Detailed technical documentation of our architecture and crypto implementation.

Future

Bug Bounty Program

Rewards for responsibly disclosed vulnerabilities.

Partial

Open-Source Crypto

Core cryptographic modules available for review. Built on audited @noble/@scure libraries.

Security without compromise.

Your passwords, seed phrases, and memories deserve protection you can verify. Try Traccer and see the difference.
