How Vaulty keeps your vault safe
Five layers of protection working together — so losing a device, forgetting a password, or even Vaulty going offline doesn't lose your money.
- Layer 1
Backup-of-backups
Daily snapshot + secure offline copy
Every 24 hours, Vaulty takes a fresh encrypted snapshot of your vault and writes it to two independent places: a live cloud copy you can restore from instantly, and a secure offline mirror held in cold storage.
If one source ever becomes unavailable — outage, account loss, hardware failure — the other stays ready. You don't have to do anything; the redundancy is built in.
- Daily encrypted snapshot, taken automatically
- Two independent storage locations (live + offline)
- Both copies are useless without your key — they only contain sealed envelopes
- Layer 2
Hashing + salting
We never store readable answers
Recovery factors — answers to your secret questions, approximate location, IP fingerprint, device identifiers — are never stored in readable form. Each value is combined with a unique salt and passed through a one-way hash before it touches our database.
When you recover, the same one-way function runs on your inputs and we compare hashes. A correct value matches; a wrong one doesn't. Nobody — not Vaulty, not an attacker with full database access — can reverse a hash back to your original answer.
- One-way hashing (Argon2id family) with per-user salts
- Original answers, locations and device IDs never leave your device unhashed
- A database leak reveals nothing usable
- Layer 3
AES-256 encryption, applied locally
The key never leaves your control
Your vault — keys, recovery phrase, settings — is sealed with AES-256-GCM, the same authenticated cipher used by modern banking apps, 1Password and Signal. The seal is applied inside your device, before anything is uploaded.
The encryption key is derived in your browser from inputs only you control: your password, a biometric attestation, or your auth-provider seed. Vaulty's servers only ever see the resulting opaque envelope. There is no master key on our side, by design.
- AES-256-GCM with per-vault keys
- Key derivation runs locally — server never sees it
- Even with full server access, our staff cannot decrypt your vault
- Layer 4
Arweave anchoring
Immutable proof, tamper-free history
Each backup envelope is anchored to Arweave — a public, permanent ledger designed for data that must never change. We pay the one-time storage fee on your behalf.
Because the envelope is encrypted before it's anchored, the public ledger reveals nothing about its contents. But anyone — you, an auditor, a journalist — can independently verify that the envelope hasn't been altered since the day it was written.
- Permanent, tamper-evident storage
- Public verifiability without exposing contents
- Independent of Vaulty: works even if our company ever disappears
- Layer 5
Multi-factor matching
GPS · IP · Device ID · Secret phrases
Recovery isn't a single password reset — it's a match across the factors you chose to enroll. Approximate GPS, IP region, registered device ID, and your secret phrases each contribute to the decision.
We use a strict 100% match rule on the factors you marked as required. Anything less triggers a guided manual review with cooling-off windows and notifications to your other devices — no silent approvals, no support-engineer override.
- You pick which factors are required
- 100% match → instant, self-serve recovery
- Partial match → guided manual review with delays and alerts
Ready to enable recovery?
Once you understand the layers above, enrollment takes about a minute. You can change your factors any time.

