Security

Encryption & key management

The cryptography behind zero-knowledge backup.

  • Cipher: AES-256-GCM (authenticated encryption)
  • Key derivation: PBKDF2-SHA256, 100,000 iterations, 32-byte salt
  • Nonce: 12 bytes, random per file
  • Auth tag: 128-bit, detects tampering
  • Key storage: macOS Keychain / Secure Enclave, Windows Hello

Because keys are derived on-device and never transmitted, Secureefy operates on a zero-knowledge basis: we store ciphertext we cannot read.

Still have questions?

Book a walkthrough and we'll help you get set up.

Request a demo