Built on a foundation of  security and privacy.

When creating a Hypervault account, we will ask to set a master password. Make sure you remember your master password, because we won’t!

All data stored in the vault is encrypted. Encryption (and decryption) happen on your device. By the time your data leaves your device, it’s fully secured from everyone, including us. We are unable to read anything in your vault, and that’s what zero knowledge encryption is about.

Thanks to our zero-knowledge architecture, your data will never be compromised even in the unlikely event that our secure databases are breached. Attackers – nor we – won’t be able to read any encrypted information or access your master password for decryption.

When we back up data on our servers, it’s already encrypted. Nobody can tell what you’re storing in your vault. If an outside agency would ask for your details, we simply have nothing to give.

Encryption in transit is when the encrypted data is active, moving between devices and networks such as the internet, within a company, or being uploaded in the cloud.

An SSL (Secure Sockets Layer) certificate is used to protect your transmitted data over the internet. It encrypts your data at one end using a public encryption key, and only the intended destination server on the other end. A report on our A+ SSL configuration can be found here.

Thanks to our zero-knowledge architecture, your data will never be compromised even in the unlikely event that our secure databases are breached. Attackers – nor we – won’t be able to read any encrypted information or access your master password for decryption.

When we back up data on our servers, it’s already encrypted. Nobody can tell what you’re storing in your vault. If an outside agency would ask for your details, we simply have nothing to give.

All your sensitive data is stored on our servers which are located within the EU. Hypervault uses .Apache, MySQL en Redis servers which are hosted by OVH, in Gravelines (France).

An Edge Gateway Server is hosted in Amsterdam (The Netherlands) for firewall, load balancing and SSL offloading purposes.

Periodically and before each new release, Hypervault is subject to penetration tests. Penetration testing is also known as pen testing or ethical hacking. It describes the intentional launching of simulated cyberattacks that seek out exploitable vulnerabilities in computer systems, networks, websites, and applications.

The purpose of penetration testing is to help us identify where potentially we might face an attack and allows us to proactively shore up each identified weakness before a new version of Hypervault is released. Pen tests are performed by an independent party, Toreon in Antwerp.

Hypervault blocks requests that do not originate from our own domain(s), to help reduce the risk of Cross Site Request Forgery (CSRF) attacks.

To block Cross-Site Scripting Attacks (XSS), all output is escaped by default in our back-end application before hitting the browser potentially causing XSS attacks.

GraphQL introspection was activated to ensure that underlying schemes can’t be taken up in a query.

Additionally, measures were taken to prevent email bombing.

Finally, the Content Security Policy (CSP) HTTP header was implementend. This determines which assets can be loaded and executed by a user’s browser.

All Hypervault data servers are located in the European Union countries, so no confidential data ever leaves the EU.

Hypervault is currently the only digital vault for business that uses EU-based cloud service providers and is fully compliant with EU data transfer rules.