Security

GeoHavnVault is designed from the ground up with security and privacy at its core. Here's how we protect your files.

Zero-Knowledge Architecture

Our zero-knowledge architecture ensures that only you can access your files:

  • Client-side encryption: All encryption happens in your browser using the Web Crypto API
  • No key transmission: Your encryption keys never leave your device
  • End-to-end encryption: Files are encrypted before upload and remain encrypted at rest
  • Zero access: We cannot decrypt your files, even if compelled by law

Encryption Details

Encryption Algorithm

  • Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
  • Key derivation: PBKDF2 with SHA-256
  • IV generation: Cryptographically secure random 16 bytes per file
  • Authentication: GCM provides built-in authentication

File Name Encryption

File names are also encrypted using the same encryption key:

  • Original filenames are encrypted before storage
  • File extensions are preserved for type identification
  • Encrypted names are URL-safe encoded

Infrastructure Security

Cloudflare Protection

  • DDoS protection: Automatic mitigation of attacks
  • SSL/TLS: All connections use HTTPS with modern TLS
  • Global CDN: Files served from edge locations worldwide
  • WAF: Web Application Firewall protects against common attacks

Storage Security

  • Cloudflare R2: Enterprise-grade object storage
  • Encryption at rest: Additional layer of encryption by R2
  • Access control: Strict API key authentication
  • Isolation: Each upload has unique identifiers

Best Practices for Users

Encryption Keys

  • Use strong, unique encryption keys (at least 32 characters)
  • Store keys in a password manager
  • Never share encryption keys over insecure channels
  • Consider using different keys for different file sets

API Keys

  • Keep API keys secure and private
  • Don't share API keys unless necessary
  • API keys only provide access to encrypted files
  • Without encryption keys, files remain secure

Security Limitations

While we employ strong security measures, users should be aware of:

  • Lost keys: We cannot recover lost encryption keys
  • Browser security: Ensure your browser is up-to-date and secure
  • Local security: Protect your device from malware
  • Metadata: File sizes and upload times are visible to us

Compliance & Auditing

  • Regular security updates and patches
  • Compliance with data protection regulations
  • Transparent security practices
  • Open to security researcher feedback

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

  • Email: contact@geohavn.com
  • Use PGP encryption if possible
  • Allow reasonable time for fixes before public disclosure
  • We appreciate and acknowledge security researchers

Security First, Always

Your privacy and security are not features—they're fundamental to everything we do. If you have questions about our security practices, please don't hesitate to contact us.