security

Security at VitalSend.

Encryption is done in the browser. The decryption key never reaches the server. The file is destroyed after one download. These three pages document how.

Architecture

How encryption, key handling, and deletion work.

Plain-language description of the client-side encryption, the URL-fragment key, the upload and download paths, and the deletion guarantees.

Read the architecture →

Threat model

What VitalSend defends against — and what it does not.

Explicit assumptions, in-scope threats, out-of-scope threats, and the security goals the design is built to meet.

Read the threat model →

Irreversibility contract

What VitalSend will not do.

No memory, no recovery, no tracking, no reuse, no exceptions. A plain statement of the constraints behind the product.

Read the contract →

Disclosure

Report a vulnerability

Disclosure contact and policy are published at /.well-known/security.txt.

Security at VitalSend.

How encryption, key handling, and deletion work.

What VitalSend defends against — and what it does not.

What VitalSend will not do.

Report a vulnerability

Essential cookies