Private

Asset Protection

Data that unlocks real-life assets must always be locked, secure, private and accessible only to you. Data security does not amount to privacy if the data can still be read in the backend. Real privacy is achieved when your identity is unknown and your data is encrypted. Since the assets belong to you and your family, so should their data. Get total privacy in riddlock.


Total Privacy

Our total privacy is a combination of user privacy, data privacy and social privacy. It is meant to keep you protected not only from other users but from us too. For user privacy, we never ask for any personally identifiable information, so you can always stay anonymous. For data privacy, we encrypt your data such that even we cannot read it in the backend. For social privacy, you have total control over who you connect with, when and how, or you can stay completely private. Your only public interface is your share handle, without which you can stay hidden from all.

Private Key

Your private login key is your first point of entry into your account in riddlock. We recommend that users create a long key, such as their life's motto, the name of their favorite movie or even a paragraph from a book. You may also use a unique identifier like your passport or driving license number if you like. We always store your login key self-encrypted in the database such that it cannot be decrypted until you log in again.

Personal Riddle

Instead of passwords, we prefer personal riddles created by users themselves. Passwords are complex and easily forgotten. On the other hand, personal riddles about your life are "secrets" you will remember naturally. Moreover, to enhance the security of your data, we recommend that you create multiple riddles so that they can be picked randomly for authentication. You can create up to 99 personal riddles, gradually as your data grows.

Data Protection

We protect our users on the frontend, the network and the server. Your private key and riddles are stored encrypted in the database from the time you sign up. They are used to generate a unique vault key for you and connect keys for each of your data items. Your offline data on your device is also encrypted. Data transfers between your device and the server are similarly encrypted on the network.

Technologies

We use industry-standard AES-256 encryption to encrypt your data. For network security, we use SSL and Web Cryptography technologies. Your device data is stored in the browser-standard IndexedDB database and encrypted with Web Cryptography keys, which cannot be extracted for viewing or manipulation even by us. Additionally, we have implemented a Content Security Policy (CSP) to prevent frontend code injection. Enhancing security for our users is a continuous process for us.

By Default, By Design

Our users are private by default and their data is private by design. First, they are anonymous and may stay hidden from other users if they do not create a share handle. Even when they do, their share handle is not displayed by default to any user except the ones they have already connected with. Secondly, their login key and riddles always stay secure on the server and are never sent to the frontend. Thirdly, data is encrypted uniquely for each user and accessible only by them on login. Fourthly, all connects are private and controlled by the data owner. Finally, we use no cookies or analytics to track our users or their data.