When you log in, we never see or store your actual password. Instead:

  • Your password is processed using the Argon2 hashing algorithm.
  • The first part of the hash is used to derive your personal encryption key.
  • The second part is sent to our server for authentication, so we can verify your identity—without ever knowing your real password.

This means: we can’t decrypt your data, even if we wanted to.

Using your personal encryption key, your device encrypts all sensitive information before it ever reaches our servers. This includes:

  • Everything you enter in the CV Builder
  • Everything you write in the Cover Letter Builder
  • All your generated CVs and Cover Letters
  • Preview images of your documents
  • Your profile photo

🛑 Important: Your encryption key is never shared with us. Only your device knows it.

Once encrypted, your data is uploaded to our servers. But here’s the catch:

  • We cannot decrypt, read, or reconstruct your data.
  • We don’t have access to your password or encryption key.
  • Even if our servers were compromised, your data would remain unreadable and safe.

When you access your data again:

  • Your device downloads the encrypted files.
  • It uses your encryption key (derived from your password) to decrypt the data locally.
  • Only you can unlock and view your information.

More ZKE related questions

Your Recovery Key is a unique code generated when you first create your account. It’s the only way to regain access to your encrypted data if you forget your password. We never store this key, so only you have it.

No. Without your Recovery Key or password, your encryption key cannot be reconstructed. This is a core part of zero‑knowledge encryption — it ensures that no one, not even us, can access your data without your credentials.

We only have temporary access to your Data Encryption Key in three situations:

  • When you sign up (to encrypt your initial data)
  • When you change your password (to re‑encrypt your data with the new key)
  • When you recover your password using your Recovery Key (to restore access to your data)

In each case, the key exists in memory only for the time needed to perform the operation, and is never stored in plaintext. Once the process is complete, the key is immediately discarded from our systems.

Because your encryption key is generated from your password, a weak password makes it easier for attackers to guess or brute‑force the key. A strong password — long, unique, and hard to guess — greatly increases the security of your encrypted data.

When you change your password, we simply “re‑lock” your data with a new key made from your new password. For a short moment during this process, our system works with your encryption key so it can update your stored files — but we never keep it. As soon as the update is done, the key disappears from our systems.

Your data stays encrypted the whole time, and only you can unlock it with your new password.