Security

Your keys never leave your device unencrypted

sarmalink is built around a zero-knowledge model. Everything sensitive is encrypted in your browser with AES-256-GCM before it is ever stored.

Client-side encryption

Your passphrase derives a 256-bit key with PBKDF2 (210,000 iterations, SHA-256). Provider keys and message history are sealed with AES-256-GCM before they touch the network.

Zero-knowledge by design

The server only ever sees ciphertext. We cannot read your keys, your chats, or your passphrase, and neither can anyone who compromises the database.

No key escrow

There is no recovery backdoor. If you lose your passphrase, your data is unrecoverable. That is the point: nobody but you holds the key.

Per-record IVs

Every encrypted record gets a fresh 96-bit initialization vector, so identical plaintext never produces identical ciphertext.

Independently auditable

The crypto layer is documented end to end with reproducible test vectors. Independent audits are scheduled before general availability.

Rotatable keys

Rotate a provider key or re-key your vault with a new passphrase at any time. Old ciphertext is re-sealed transparently.

How the encryption flow works

  1. Derive

    Your passphrase + a unique salt run through PBKDF2 to produce a vault key. The passphrase is never transmitted or stored.

  2. Encrypt

    Provider API keys and messages are encrypted with AES-256-GCM using the vault key, entirely inside your browser.

  3. Store

    Only the ciphertext + IV are sent to the database. The server has no way to decrypt them.

  4. Decrypt

    On next login, you re-enter your passphrase, the vault key is re-derived locally, and your data is decrypted in-memory.
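
The four steps above, sketched with the Web Crypto API as an added example; this is not sarmalink's own code. The function names, the 16-byte salt length and the sample passphrase and key strings are assumptions made for illustration; the PBKDF2 and AES-GCM parameters are the ones stated on this page.

```javascript
// Added example. Function names and sample values are constructed, not sarmalink's code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Web Crypto API
const enc = new TextEncoder(), dec = new TextDecoder();

// Derive: passphrase + per-account salt -> non-extractable AES-256-GCM key.
async function deriveVaultKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 210000 },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt: a fresh random 96-bit IV for every record, never reused under one key.
async function sealRecord(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) }; // Store: this is all the server receives
}

// Decrypt: rejects if the key is wrong or the ciphertext/IV was modified,
// because the 128-bit GCM tag appended to the ciphertext fails to verify.
async function openRecord(key, record) {
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: record.iv }, key, record.ciphertext);
  return dec.decode(pt);
}

// Resolves to true if opening succeeds, false if authentication fails.
const opens = (key, record) => openRecord(key, record).then(() => true, () => false);

async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)); // 16-byte salt is an assumption
  const key = await deriveVaultKey("constructed passphrase", salt);
  const wrongKey = await deriveVaultKey("constructed passphrasf", salt);
  const a = await sealRecord(key, "sk-constructed-provider-key");
  const b = await sealRecord(key, "sk-constructed-provider-key");
  const tampered = { iv: a.iv, ciphertext: Uint8Array.from(a.ciphertext) };
  tampered.ciphertext[0] ^= 1; // flip one bit, as a modified database row would
  return {
    roundTrip: await openRecord(key, a),
    distinctCiphertexts: a.ciphertext.join() !== b.ciphertext.join(),
    wrongPassphraseOpens: await opens(wrongKey, a),
    tamperedOpens: await opens(key, tampered),
  };
}
```

Because the key is imported and derived as non-extractable, page script can use it to encrypt and decrypt but cannot export the raw key bytes.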

What we store

  • Ciphertext of your provider keys
  • Ciphertext of your conversations
  • A unique per-account salt and per-record IVs
  • Your email address for magic-link sign-in

What we never store

  • Your passphrase or any derivative we could reverse
  • Plaintext provider API keys
  • Plaintext message content
  • Telemetry, trackers, or analytics on your prompts