
Security at ProVault

Private by design. Multiple layers of protection to safeguard your data.

How your data flows

  • Data is entered in the app, validated in the browser, then sent to our API over HTTPS (TLS 1.3).
  • PII is encrypted at field level before storage; non‑sensitive metadata is stored separately.
  • Actions are logged immutably with hash chaining for audit integrity.

Encryption in transit

  • TLS 1.3 with modern ciphers protects all traffic between your browser and our API.
  • HSTS and secure cookies reduce downgrade and interception risks.

Encryption at rest

  • AES‑256‑GCM with per‑record IVs and authentication tags for field‑level encryption.
  • Associated data (AAD) binds each ciphertext to its record context, so a ciphertext presented outside that context fails authentication.
  • Keys are server‑side and rotated on a scheduled basis.

Integrity & audit

  • Append‑only audit trail with HMAC‑SHA256 chaining.
  • Tamper checks verify log continuity; anomalies raise alerts.
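
A minimal sketch of an HMAC‑SHA256 chained log and its continuity check, added here as an illustration; it is not ProVault's code. The entry layout, the all‑zero genesis value, the function names and the practice of keeping the latest head tag outside the log (so tail truncation is detectable) are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed anchor value for the first entry


def chain_tag(key, prev_tag, seq, event):
    # Canonical JSON so an event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    # Fixed-width prev_tag (32) and seq (8) keep the MAC input unambiguous.
    return hmac.new(key, prev_tag + seq.to_bytes(8, "big") + body,
                    hashlib.sha256).digest()


def append(log, key, event):
    """Append an event and return the new head tag (store it outside the log)."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    tag = chain_tag(key, prev, len(log), event)
    log.append({"seq": len(log), "event": event, "tag": tag.hex()})
    return tag


def verify(log, key, expected_head):
    """Return (True, None), or (False, i) for the first entry breaking the chain.

    i == len(log) means the entries chain correctly but do not end at
    expected_head: the tail was truncated."""
    prev = GENESIS
    for i, entry in enumerate(log):
        want = chain_tag(key, prev, i, entry["event"])
        try:
            got = bytes.fromhex(entry["tag"])
        except (TypeError, ValueError):
            return False, i
        if entry["seq"] != i or not hmac.compare_digest(want, got):
            return False, i
        prev = want
    if not hmac.compare_digest(prev, expected_head):
        return False, len(log)
    return True, None


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    log, head = [], GENESIS
    for ev in ({"actor": "owner-1", "action": "share"},
               {"actor": "nominee-7", "action": "read"}):  # constructed events
        head = append(log, key, ev)
    print(verify(log, key, head))
    log[0]["event"]["action"] = "delete"  # simulate tampering with a stored entry
    print(verify(log, key, head))
```

Because each tag covers the previous tag and the sequence number, editing, deleting or reordering an entry breaks verification at the first affected index; only the externally stored head tag reveals removal of the newest entries.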

Access control

  • Owners control sharing and timing; nominees have read‑only access.
  • Scoped tokens and rate limiting protect endpoints.

Data residency & backups

  • Primary storage in the UK.
  • Encrypted backups with strict lifecycle policies for recovery.

Report an issue

If you believe you’ve found a vulnerability, email [email protected]. We’ll acknowledge and investigate promptly.

Analytics & privacy

We use Google Analytics 4 (GA4) for aggregate usage insights to improve the site. GA4 is implemented with Consent Mode v2 and defaults to “denied” until you choose in the cookie banner. No analytics pings are sent before consent, and you can change your choice anytime via “Cookie settings”.