Privacy Policy
Protocol Version 5.0 | January 2026
1. Data Sovereignty
Zero Lock is built on the principle of Absolute Sovereignty. Our platform serves as an encrypted bridge between your local device and cloud persistence, ensuring that your most sensitive secrets are never exposed to the clear-web. We do not track, monetize, or analyze your data.
2. PBKDF2-100K Key Derivation
Unlike standard managers, Zero Lock uses PBKDF2 with 100,000 iterations and unique salt based on your UID. This security "hardening" happens only once per session to create a localized Session Key. This makes brute-force attacks mathematically infeasible while maintaining lightspeed performance.
3. Localized AES-256
Every secret is encrypted LOCALLY using your Session Key before leaving your device. Zero Lock uses the industry-gold standard AES-256. Your plaintext passwords NEVER touch our servers; only the encrypted ciphertext is transmitted to the cloud.
4. Cloud Persistence (Firebase)
Zero Lock utilizes Google Firebase Cloud for global data persistence. Crucially, the data stored in the cloud is 100% encrypted. Zero Lock developers, Google, and even the platform itself cannot read your data.Without your unique local Master Key, the cloud storage contains nothing but undecipherable noise.
5. Zero-Knowledge session
Your Master Key is never stored in any database. We store only a non-reversible cryptographic hash for identity verification. Once your session ends (tab close or logout), the local Session Key is cleared from memory. Zero Lock is a true Zero-Knowledgeenvironment.
Legal Disclaimer & User Responsibility
By using Zero Lock, you acknowledge that you are the sole controller of your encryption keys. Zero Lock provides the encryption tools but assumes no liability for data loss due to lost master passwords. If you lose your Master Key, the underlying data remains encrypted forever and cannot be retrieved by Zero Lock developers or Google.