How Tathastu protects your data

Everything about how we handle encryption, passphrase management, and message delivery.

Passphrase Management

Recovery options

You choose how your passphrase is managed. Both options keep your messages fully encrypted.

User-Managed Passphrase

You keep your passphrase. Document it in your will or a trusted location. When the time comes, your executor provides it to decrypt and deliver your messages.

  • We never have your passphrase
  • True zero-knowledge architecture
  • Works with your existing estate planning
Recommended

Tathastu-Managed Recovery

Opt in to secure passphrase escrow. Your passphrase is encrypted with threshold encryption — it takes two separate authorized parties to decrypt it. Good if you want a backup in case your will is lost.

  • Passphrase recoverable if will is lost
  • No single party can decrypt alone
  • Full audit trail of all access attempts
  • Requires your explicit consent to enable

You can switch anytime. Both methods keep your messages encrypted. The only difference is how the passphrase is managed. Change it from your settings whenever you want.

Technical Details

Under the hood

For those who want to know exactly what's running.

Encryption

AES-GCM-256 authenticated encryption with a random 12-byte IV per message. All encryption and decryption happen client-side in your browser using the Web Crypto API. We store ciphertext. We never see plaintext.

Key Derivation

PBKDF2-SHA256 with 100,000 iterations turns your passphrase into a cryptographic key. Each user gets a unique 16-byte salt. The per-user salt makes precomputed rainbow tables useless, and the iteration count slows every brute-force guess, making both attacks impractical.
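The Encryption and Key Derivation parameters above, put together with the Web Crypto API. This is an added example, not Tathastu's code: the function names, the { iv, ciphertext } record layout and the sample passphrases are assumptions made for illustration.

```javascript
// Added example: parameters come from this page; names and record layout are assumptions.
const PBKDF2_ITERATIONS = 100000, SALT_BYTES = 16, IV_BYTES = 12;

// Web Crypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// PBKDF2-SHA256 stretches the passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Each message gets a fresh random IV, stored beside the ciphertext (the IV is not secret).
async function encryptMessage(key, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(IV_BYTES));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) }; // ciphertext ends with the 16-byte GCM tag
}

async function decryptMessage(key, { iv, ciphertext }) {
  const { subtle } = await getCrypto();
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
  return new TextDecoder().decode(pt);
}

// True when decryption is refused: a wrong key or modified ciphertext fails the GCM tag check.
async function isRejected(key, record) {
  try { await decryptMessage(key, record); return false; } catch { return true; }
}

async function demo() {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(SALT_BYTES)); // per user, stored in the clear
  const key = await deriveKey('correct horse battery staple', salt); // constructed passphrase
  const record = await encryptMessage(key, 'constructed sample message');
  const tampered = { iv: record.iv, ciphertext: Uint8Array.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 1; // flip one bit of the stored ciphertext
  const wrongKey = await deriveKey('wrong passphrase', salt);
  return { roundTrip: await decryptMessage(key, record),
    tamperRejected: await isRejected(key, tampered),
    wrongPassphraseRejected: await isRejected(wrongKey, record) };
}
```

Because decryption fails on any modified byte or wrong passphrase, a server that only holds the salt, IV and ciphertext can neither read nor silently alter a message.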

Passphrase Escrow

Optional threshold encryption splits the recovery key between a Founder key and an Operator key. Both are required to decrypt. No single person at Tathastu can recover your passphrase on their own.

Access Verification

Nominee access uses time-limited JWT tokens (7-day expiry) and one-time-password verification via email or SMS. Every access attempt is logged in an immutable audit trail that nobody can edit or delete.