← Back to the public site
Technical demo · local privacy
How we protect the records.
This is a real demo: the data you enter is encrypted with AES-GCM 256 inside your browser and saved only here. Nothing leaves this page. Close the browser, close the vault.
What happens when you create a record
- You unlock with a passphrase (in production: a hardware passkey).
- The passphrase generates, via PBKDF2 (250,000 iterations), an AES-256 GCM key. The key lives only in the browser's RAM.
- You fill out a sample educational record form.
- On save, the data is encrypted with a 96-bit random IV and a SHA-256 hash of the plaintext is computed as integrity proof.
- The ciphertext is saved in localStorage on this demo page (in production: a local DB inside the walls).
- To read a record back you need to re-enter the passphrase: without it, the data is unreadable, even to you.