It is a question that every responsible person should ask before trusting a cloud service with their most sensitive information: what happens if this company goes away? Whether due to a business failure, an acquisition or a decision to shut down, the concern is legitimate. You are entrusting hundreds of credentials to a service that might not exist in five years. Here is our honest and transparent answer.
UnveilPass uses zero-knowledge encryption. This is not a marketing term — it is a fundamental architectural decision that shapes everything about how your data is stored. Your master password never leaves your device. Your vault key is derived locally through Argon2id and wrapped with a key encryption key that only you possess. Every credential, every secure note and every identity is encrypted with AES-256-GCM on your device before being sent to our servers.
What does this mean in practice? If our servers were seized tomorrow — by law enforcement, by hackers or by a bankruptcy trustee — the data on those servers would be meaningless. It is ciphertext. Without your master password, there is no mathematical shortcut to decrypt it. Not for us, not for anyone.
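To make the key hierarchy above concrete, here is an added example (not UnveilPass source code) of a password-derived key wrapping a vault key, with items sealed under AES-256-GCM. The record layout, function names and KDF cost are assumptions, and Node's built-in scrypt stands in for Argon2id.

```javascript
// Added illustration; not UnveilPass code. Layout and parameters are assumed.
const nodeCrypto = require("node:crypto");

// Stand-in KDF: scrypt replaces Argon2id here because it ships with Node.
function deriveKek(masterPassword, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(masterPassword, salt, 32, cost);
}

// AES-256-GCM with a fresh 96-bit nonce per encryption.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify (wrong key or tampering).
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Runs on the device. The returned record is all a server or cache would hold.
function createVaultRecord(masterPassword, secretText) {
  const salt = nodeCrypto.randomBytes(16);
  const vaultKey = nodeCrypto.randomBytes(32);
  return {
    salt,
    wrappedVaultKey: seal(deriveKek(masterPassword, salt), vaultKey),
    item: seal(vaultKey, Buffer.from(secretText, "utf8")),
  };
}

// Offline recovery: needs only the stored record and the master password.
function recoverItem(masterPassword, record) {
  const kek = deriveKek(masterPassword, record.salt);
  const vaultKey = open(kek, record.wrappedVaultKey);
  return open(vaultKey, record.item).toString("utf8");
}

function wrongPasswordFails(record) {
  try { recoverItem("not the password", record); return false; }
  catch { return true; }
}

// Constructed sample data.
const record = createVaultRecord("correct horse battery staple", "example.com,alice,s3cret");
console.log(recoverItem("correct horse battery staple", record), wrongPasswordFails(record));
```

Nothing in `record` is secret on its own: the salt, nonces and tags can be stored in the clear, and a wrong password is rejected by the GCM tag check when unwrapping the vault key.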
We believe strongly in data portability. Your passwords are your data, not ours. UnveilPass provides a full CSV export feature that decrypts your entire vault on your device and downloads it as a standard CSV file. This file contains your sites, usernames, passwords, notes and folders in a format that can be imported into virtually any other password manager.
The CSV format we use is compatible with:
There is no vendor lock-in. There is no proprietary format that only our software can read. If you decide to leave UnveilPass — for any reason — you can take everything with you in under a minute.
UnveilPass offers a Recovery QR code system that is specifically designed for disaster recovery — including the scenario where our service becomes unavailable. Here is how it works:
The critical detail: the server stores the encrypted payload, but it does not have your PIN. Without the PIN, the payload is useless ciphertext. This means even if someone gains access to our database, they cannot recover your master password.
But what if our servers are gone entirely? The Recovery QR code helps you remember your master password, which is the key to everything. As long as you have your master password, you can decrypt any backup or cached copy of your vault data.
The UnveilPass browser extension maintains a local cache of your encrypted vault data in chrome.storage.local. This cache is refreshed every time you sync, but it persists even when our servers are unreachable. If you still have the extension installed and your vault key in memory (meaning you have not locked the extension), your passwords are accessible locally without any server connection.
This is not a permanent backup solution — the cache is tied to your browser profile and will be lost if you uninstall the extension or reset your browser. But it does provide a grace period during which you can export your data even if our API is offline.
This is the most important thing to understand about zero-knowledge architecture: your master password is the root of everything. It is not just a login credential — it is the cryptographic seed from which your vault key is derived. As long as you remember your master password, you hold the key to your data.
Even if our servers vanish, if you have:
...you can access your passwords. The server is a convenience layer for synchronization, not a gatekeeper for access. This is the fundamental difference between zero-knowledge services and traditional cloud services where the company holds the keys.
Do not wait for a crisis. Good security practice means preparing for scenarios you hope will never happen. Here is what we recommend:
1. Export regularly. Once a month (or whenever you add a significant number of new credentials), export your vault to CSV. Store the file on an encrypted USB drive or an encrypted volume on your computer. Delete older exports after creating new ones.
2. Set up your Recovery QR. Go to the Account settings (click your email in the top bar), open the Recovery tab and generate a QR code. Print it. Store the printout somewhere physically secure — a home safe, a safety deposit box or a sealed envelope with a trusted person. This is your last-resort recovery mechanism.
3. Keep your master password memorized. Do not store your master password in another password manager or in a text file. It should live in your memory. If you are concerned about forgetting it, the Recovery QR code is your safety net. Practice typing it regularly so it stays in muscle memory.
4. Know your import options. Familiarize yourself with how to import a CSV file into an alternative password manager. Bitwarden (open-source, free tier) is a solid fallback option. Knowing the process in advance means you will not be scrambling if you ever need to migrate quickly.
We built UnveilPass on the principle that trust must be earned through transparency, not demanded through terms of service. That is why we are writing this article. We want you to understand exactly what happens to your data in every scenario — including the ones where we are no longer around.
The zero-knowledge model means you are never dependent on our continued existence to access your own data. Your passwords are encrypted with keys that only you hold. You can export them at any time in a standard format. You have a physical backup mechanism (Recovery QR) that works independently of our servers. There is no lock-in and no hostage situation.
Your passwords belong to you. We are just the encrypted storage layer in between.