SafeKey
Product · SafeKey

Documentation

SafeKey security model, feature guides, and account reference.

Account & sign-in

SafeKey accounts use email, password, and a TOTP authenticator app (Google Authenticator, Authy, or any RFC 6238-compatible app). After registration you scan a QR code to pair your authenticator. Every sign-in requires both your password and a fresh 6-digit code. Your vault passphrase never leaves your device — the account protects sync and billing only.

Password reset

Forgot your account password? Request a one-time reset link from the sign-in page. The link is sent to your registered email and expires in 60 minutes. Your TOTP pairing and vault data are not affected by a password reset.

Reset password

Security model

All vault content is encrypted on your device before any data is transmitted. The server receives and stores opaque ciphertext — it cannot read your secrets. Encryption uses AES-256-GCM with an Argon2id-derived key. Your password and encryption key never leave the device in plaintext.

Web dashboard

Sign in to access your vault in the browser, manage registered devices, review billing, and configure account settings. Session keys are held in memory only and cleared on sign-out. Use a private, trusted browser session when accessing sensitive vault items.

Sync & devices

Pro plan enables E2E-encrypted sync across up to 3 registered devices. The server stores only the encrypted blob — decryption requires your key on a trusted device. You can view and revoke device access at any time from the Devices screen.

NTAG card

An optional NFC card serves as a physical second factor alongside your app and TOTP. The card is available as a one-time purchase. Pairing is done through the Android app following the in-app setup flow.

Dead Man’s Switch

The Dead Man’s Switch releases a predefined message or access fragment to a designated recipient if you remain inactive beyond a configured threshold. Minimum inactivity window is 7 days. Email warnings are sent before the switch activates. Review applicable inheritance and data protection laws in your jurisdiction before enabling.

Open Dead Man’s Switch requires sign-in

Plans & billing

Payments are one-time through Stripe — no recurring subscription. Free keeps the full local vault and one paired device at the API sync limit. Personal (€4.99) allows up to three paired devices with encrypted backups. Pro (€9.99) raises the paired-device limit. Business (€29) uses the same device allowance as Pro in production today. Order an NTAG card from Billing after sign-in. Stripe processes checkout.

View plans

Support

For account or product questions, visit the Contact page or email contact@alfanestlabs.com.