
How Restkin protects your documents.

What we encrypt.

Every byte you upload — document image, thumbnail, metadata fields. AES-256, per-document key derived from a passphrase on your device. We hold no copy of the key.

What we store.

Encrypted blobs plus the structured metadata you confirm (expiry date, owner, category). We never receive plaintext, and we cannot decrypt it server-side.

What we log.

Every access, share, download, and emergency-access request. The log is visible to you in the Audit Log screen. Exportable to CSV.

How you recover.

A 12-word recovery key generated at signup. Shown once. Saved by you. We cannot recover it for you. If you lose both your password and your recovery key, the vault cannot be recovered.

The shield is the kept mark — privacy is what it means.

How you export.

Three formats — encrypted bundle (Restkin can re-import), standard files (PDFs and images in folders), single document. Export is one tap from Settings. We will never make export harder than signing up.

What to do if something goes wrong.

If we suffer a breach affecting your account, we will disclose within 72 hours, by email and on this page. We will tell you what was accessed and what to do next.

Our infrastructure.

Region-locked encrypted storage. Subprocessors list below. SOC 2 Type I target: 6 months post-launch. SOC 2 Type II target: 12 months post-launch. Penetration test: annually, with summary published.

Report a vulnerability.

We accept responsible disclosure reports at security@restkin.com.

PGP key linked. We commit to acknowledge within 72 hours and to triage within 7 days. Critical issues are eligible for a paid bounty.

Subprocessors.

AWS: encrypted blob storage (us-east-1, eu-west-1, ap-southeast-1)
Cloudflare: DNS, edge caching, DDoS protection
Postmark: transactional email only (signup, recovery, breach disclosure)
Stripe: billing (no card data stored on Restkin infrastructure)

Last security review: 2026-06-01
