Build 2026.05 · 4a7cEnvelope v2Status all systems normalEdinburgh
End-to-end encrypted · Personal vault

Passwords, encrypted
before they leave
your laptop.

Your master passphrase never reaches our servers. We store ciphertext and timestamps; what's inside the envelope is between you and your devices.

£4.99 / month after the trial. No card required to begin.

Argon2id · OWASP-2023AES-256-GCMX25519Open envelope spec
safelane.app
Vault — SafeLane
HSBC — Sign in
Vault
  • All247
  • Banking14
  • Work38
  • Personal92
  • Notes18
  • Codes23

Sync

3 devices
last 09:41
up to date


Key

7c4a · 9f81
0e22 · 4ab7

SEARCH⌘K
01HSBC personalonline.hsbc.co.uk14 min
02Companies House filingfind-and-update.company-information.service.gov.uk1 d
03Cloudflare dashboarddash.cloudflare.com2 d
04AWS — productionconsole.aws.amazon.com3 d
05Stripedashboard.stripe.com4 d
06GitHubgithub.com5 d
07Royal Mail businessbusiness.parcels.royalmail.com1 wk
08Eurostareurostar.com2 wk
envelope_v2 · 14,238 B · aes-256-gcmauto-lock in 09:14
Fig. 01 — SafeLane vault, after unlockv2.4 · macOS · 247 items
248 ms
Argon2id stretch on your CPU
32 bytes
Key-encryption key, in your RAM only
0 servers
That can decrypt your vault
14 days
Trial, no card required
§01The pitch

A server-side leak is not a password leak.

Most password managers protect their database. We do too — and then we go further. Here is the same vault, viewed from your laptop and viewed from our servers.

WHAT YOU SEE — your devicedecrypted
HSBC personal
online.hsbc.co.uk
h7zT-9$pK-2vMq-x4Lw
Companies House
find-and-update.…gov.uk
••••••••••••••••
Stripe
dashboard.stripe.com
••••••••••••••••
GitHub
github.com
••••••••••••••••
Eurostar
eurostar.com
••••••••••••••••
WHAT WE SEE — our databaseciphertext only
envelope_v2 · item_000114238 B · mtime 09:41
deb2 5b1b 77f7 a78e 17a5 4cd2 e58a aeb3 ecf1 ad37 6c65 edf3 3314 c283 400e bd41 df25 9e58
envelope_v2 · item_000212104 B · mtime 09:41
a9a9 0f39 dfea 209b 3b1c 2f14 23c3 e180 4afe a9a7 61da 20bf 43f2 c17e 3fec cd0d 139a 94c8
envelope_v2 · item_00039876 B · mtime 09:41
69c9 a58a 4c13 2370 10ab 018f 7dc5 92ca 9b04 34b0 3c84 a183 6873 71e8 58ba 02bd 7b1a c7cb
envelope_v2 · item_000411203 B · mtime 09:41
aeaa d318 91ee f83d f018 e53d 47f9 7530 e334 39e6 8543 fe47 a819 908e 987d 5f7b c450 ccfc
envelope_v2 · item_00058762 B · mtime 09:41
38b1 093a d36b e77b 73c9 906c 0de4 0b72 3e56 ec0b f02e 93d5 0b22 4ea5 e68a 0959 72e9 5bb3

If our database is breached tomorrow, an attacker walks away with the right-hand column. Item names, URLs, notes, and passwords are inside the envelope — and the envelope is sealed with a key we do not have.

§02Threat model

Specific scenarios, specific outcomes.

We will not promise that SafeLane is “secure”. We will tell you what we have engineered for, and what we have explicitly not.

ScenarioMost password managersSafeLane
Our database is breached.
Plaintext passwords exposed
Ciphertext only. Attacker needs every customer’s passphrase to read anything.
A SafeLane employee turns hostile.
Could query the database, read items
Cannot decrypt your vault. KEKs do not exist on our infrastructure.
We receive a subpoena.
Hand over plaintext records
Hand over ciphertext and timestamps. That’s what we have.
Your laptop is compromised.
Vault accessible while unlocked
Same. End-to-end is not magic. We auto-lock after idle and never persist your passphrase.
You forget your passphrase.
Helpdesk reset, email recovery
Vault is unrecoverable. We cannot reset what we cannot read. Print your recovery code.

Full threat model and known limitations → usesafelane.com/security

§03Mechanism

How a vault is locked, opened, and never read.

Four moments. None of them require us to see what's in your vault.

01248 ms

You enter your passphrase

PASSPHRASEMaster Passphrase

A long phrase you can remember. SafeLane never sees it — not at sign-up, not on sign-in, not ever. It lives in your head and your browser's volatile memory.

0232 + 32 B

Your browser derives two keys

PASSPHRASE

Argon2id stretches the passphrase into an auth key (proves who you are) and a key-encryption key (stays on your device, decrypts your vault).

03AES-GCM

Items are sealed before they leave

BANKSL

Each item is encrypted under a per-vault data-encryption key, itself wrapped by your KEK. We receive envelopes — opaque ciphertext, plus length and timestamp.

0438 ms

You sign in, on any device

SL

The server hands back your wrapped key and your ciphertext. Your browser re-derives the keys, unwraps, decrypts — without telling us what it found.

§04Open by design

Documented. Versioned. Yours to export.

Our envelope format is a single page of specification, not a black box. You can read it, criticise it, fork it, and — if you ever leave us — take your data with you in the same shape we stored it.

Specification
Envelope, version 2
License
MIT · open spec

What our server stores for a single vault item — after sealing on your device. Every field below is either ciphertext, a public parameter, or authenticated metadata.

version
2
envelope_v2
kdf
Argon2id
t = 3 · m = 64 MiB · p = 4
cipher
AES-256-GCM
authenticated encryption
nonce
12 bytes
random, per item
ciphertext
variable bytes
plaintext payload + auth tag
associated_data
item_id, created_at
authenticated, not encrypted
wrapped_dek
40 bytes
sealed under your KEK
Envelope spec at usesafelane.com/security#envelopeOpen for review · forks welcome
§05Pricing

One plan. One price.
No surprises.

We don't have a free tier funded by advertising. We don't have an enterprise tier that gets the real security features. We have one plan, one price, and you can leave whenever you like.

Begin a 14-day trialNo card required.
Personal · monthlycancel anytime
£4.99/ month

Or £49.99 / year — saves you ten quid.


  • ·Unlimited itemsacross all your devices
  • ·Browser autofill (coming)Chrome, Edge, Firefox, Safari
  • ·Apps for iOS and Android (coming)offline, encrypted
  • ·TOTP codesgenerated in-vault
  • ·Nightly backupsencrypted, off-site