What is "Zero-Knowledge" (and why can’t Veault read your data)?

By: Léon van Leeuwen

Last updated: November 7, 2025

You're considering using a digital vault. You're about to entrust your most sensitive information—passwords, financial details, crypto keys, personal letters—to an online service.

The main question on your mind is completely valid:

"How do I know this is really safe? What if Veault gets hacked? Can a Veault employee read my data?"

The answer to these questions lies in the fundamental design of our platform: the Zero-Knowledge Architecture.

This isn't a marketing term. It's a technical reality that forms the core of our product. In this article, we'll explain simply what it is and why it's crucial.

At Veault, your data is safe thanks to our zero-knowledge encryption.

The "old" way: How most websites and cloud services work (the bank model)

Most online services (like your email, social media, and cloud storage) function like a traditional bank vault.

  1. You visit the bank (the website).

  2. You identify yourself (log in with your password).

  3. The bank clerk (the server) retrieves your vault, checks your identity, uses the bank's master key, opens it, and hands your belongings to you.

The problem? The bank holds a master key.

If an employee goes rogue, or if a robber steals the master key (a hack), they can access everything. The service asks you to trust them.

The "new" way: Zero-Knowledge architecture (the safe model)

A Zero-Knowledge system works fundamentally differently. We aren't the bank. We simply offer you the safe.

  1. You open a safe with us (create a Veault account).

  2. You set up a unique combination (your master password).

  3. You put your belongings (your data) in the safe yourself and lock it.

The crucial difference? We don’t have your combination. You never told us what it is. We can’t open your safe, even if you ask. Only you have the key.

How does this technically work, in short?

This is called "client-side encryption."

  1. Your password = Your key: Your master password is the only thing that can decrypt your data. This password is never sent to our servers. It doesn’t leave your computer or phone.

  2. Encryption on your device: When you type a note, it is encrypted on your device (the 'client') using that key.

  3. Storage of "chaos": The only thing sent to our servers is unreadable, encrypted "chaos." It's a digital safe where we don’t have the combination.
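
The three steps above in Node.js, as an added example that is not Veault's code. The page does not name the algorithms Veault uses, so scrypt (key derivation), AES-256-GCM (encryption) and all function names here are assumptions.

```javascript
// Added example, not Veault's code. Assumed algorithms: scrypt + AES-256-GCM.
const nodeCrypto = require('node:crypto');

// Client only: turn the master password into a 256-bit key.
// Neither the password nor this key is ever placed in the uploaded record.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Client only: encrypt a note and return the record that gets uploaded.
function encryptOnClient(masterPassword, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // per-record KDF salt, not secret
  const iv = nodeCrypto.randomBytes(12);   // must be unique per encryption
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// Client only: re-derive the key from the password and open the record.
function decryptOnClient(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'base64')),
    decipher.final(), // throws if the key is wrong or the data was altered
  ]);
  return pt.toString('utf8');
}

// What anyone holding only the stored record faces: a guess either
// authenticates or is rejected by the GCM tag check.
function tryOpen(guess, record) {
  try { return decryptOnClient(guess, record); } catch { return null; }
}

// Constructed sample input.
const stored = encryptOnClient('constructed-master-password', 'my private note');
console.log('server stores:', Object.keys(stored).join(', '));
console.log('wrong password:', tryOpen('not-the-password', stored));
```

Because the salt is stored next to the ciphertext, the record's confidentiality rests on the strength of the master password and the cost of the key derivation function.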

The ultimate test: What if Veault gets hacked?

This is the key question that answers how safe a digital safe is.

Imagine a hacker manages to access our servers. What do they find? A collection of useless, unreadable, encrypted files. They can’t do anything with it.

To read the data, they need your unique master password. And we don’t have it, so they can’t steal it from us. The only place where your data is readable is on your device, after you’ve entered your password.

This is the safest way to store data. It’s a system that’s based not on trusting us, but on mathematically verifiable proof.

Conclusion: Trust in math, not marketing

When choosing a service for your most sensitive data, don’t ask: "Do I trust this company?"

Ask: "Is this company technically capable of seeing my data?"

At Veault, the answer is deliberately a clear no.

Trust is good. Verifiable security is better.

This article is written by Léon van Leeuwen

As the founder of Veault and an expert in digital security, Léon is dedicated to turning the complex challenge of digital legacy into a remarkably simple, accessible, and completely secure platform.
