PayJarvis

Your data is yours. Period.

PayJarvis uses Zero-Knowledge encryption so your most sensitive data is encrypted with a key that only you control. We literally cannot read it — even if we wanted to.

AES-256-GCM | Zero-Knowledge | PBKDF2 + SHA-512

How It Works

Four simple steps between you and unbreakable encryption.

1. Set your PIN

You choose a 6-digit PIN during setup. This is your secret — we never see it or store it.

2. Key derivation

Your PIN is processed through PBKDF2 with 100,000 iterations and a unique salt to generate a powerful AES-256 encryption key.

3. Client-side encryption

Sensitive data is encrypted BEFORE it ever leaves your device. Our servers only see ciphertext — unreadable gibberish.

4. Only you can decrypt

Your PIN is the only key that unlocks your data. Lose it and not even we can recover it — that's real zero-knowledge.

Three Layers of Protection

Not all data is equal. We protect each category with the appropriate level of security.

Layer 1: Public

Public Data

Name, Email address

Minimal data needed to provide the service. Protected by standard access controls and TLS in transit.

Layer 2: Encrypted

Operational Data

Conversation history, Preferences, AI context

Encrypted at rest with our server-managed encryption key. Protected but accessible to our systems for service delivery.

Layer 3: Zero-Knowledge

Sensitive Data

Payment cards, Stored credentials, Personal documents

Encrypted with YOUR personal key derived from your PIN. We cannot decrypt this data under any circumstances — only you can.

Built for Trust

Every design decision prioritizes your privacy and security.

Military-grade encryption

AES-256-GCM — the same standard used by governments and banks worldwide to protect classified information.

Zero-Knowledge Architecture

We mathematically cannot read your sensitive data. No backdoors, no master keys, no exceptions.

Your keys, your data

Your PIN generates the encryption key and is never stored on our servers. You are the sole custodian.

Instant deletion

Remove any stored item at any time. Deletion is immediate and irreversible — no shadow copies.

Open audit

Our encryption implementation is transparent and auditable. Security through openness, not obscurity.

End-to-end protection

TLS 1.3 in transit, AES-256 at rest, and zero-knowledge for sensitive items. No gaps in the chain.

How We Compare

PayJarvis follows the same Zero-Knowledge principles as the most trusted privacy tools in the world.

Feature | PayJarvis | Signal | ProtonMail | 1Password
Zero-Knowledge Architecture
End-to-End Encryption
User-Held Key
Financial Data Protection
AI Agent Commerce
Credential Vault
Zero-Knowledge Certified
Your data, your keys, your control

Under the Hood

For the technically inclined — here is exactly what powers our security.

Component | Implementation
Key Derivation | PBKDF2 with 100,000 iterations and SHA-512
Symmetric Encryption | AES-256-GCM with random IV per operation
Authentication Tags | GCM mode provides built-in integrity verification
Salt Strategy | Cryptographically random, unique salt per user
Data in Transit | HTTPS with TLS 1.3 enforced
Password Hashing | bcrypt with adaptive cost factor
PIN Storage | Never stored — derived key exists only in client memory

Why this matters

Even in the event of a complete database breach, your Layer 3 data (cards, credentials, documents) remains encrypted with a key derived from your PIN — which we never store. An attacker would need to brute-force each user's key individually against 100,000 PBKDF2 iterations, making mass decryption computationally infeasible.
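The scheme in the table above, assembled as an added example (not PayJarvis code): a PIN is stretched with PBKDF2-SHA512 into an AES-256-GCM key, and a wrong PIN or altered record fails the tag check. It uses Node's built-in crypto module so it runs offline, where a browser client would use Web Crypto; the 16-byte salt, 12-byte IV and all function names are assumptions. `worstCasePbkdf2Iterations` returns the upper bound on work for trying every 6-digit PIN against one stored record, which is the figure the brute-force claim rests on.

```javascript
// Added illustration, not PayJarvis code: PIN -> PBKDF2-SHA512 -> AES-256-GCM.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 100000; // from the page's "Under the Hood" table
const KEY_BYTES = 32;      // AES-256 key
const SALT_BYTES = 16;     // assumption: the page gives no salt length
const IV_BYTES = 12;       // assumption: 96-bit IV, the usual size for GCM

function deriveKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, ITERATIONS, KEY_BYTES, 'sha512');
}

// Builds the record a client would upload: salt, IV, ciphertext, tag.
// Neither the PIN nor the derived key is part of it.
function encryptItem(pin, plaintext, salt = nodeCrypto.randomBytes(SALT_BYTES)) {
  const iv = nodeCrypto.randomBytes(IV_BYTES); // fresh random IV per operation
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the PIN is wrong or the record was altered.
function decryptItem(pin, record) {
  const key = deriveKey(pin, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null; // GCM authentication tag did not verify
  }
}

// Upper bound on PBKDF2 iterations needed to try every PIN of the given
// length against one stored record (one full derivation per candidate).
function worstCasePbkdf2Iterations(pinDigits, iterations = ITERATIONS) {
  return 10 ** pinDigits * iterations;
}

// Constructed sample data, not real user content.
const record = encryptItem('482915', 'constructed sample secret');
console.log(decryptItem('482915', record));
console.log(decryptItem('000000', record));
console.log(worstCasePbkdf2Iterations(6));
```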

Frequently Asked Questions

Everything you need to know about how we protect your data.

What happens if I forget my PIN?
Since we use true Zero-Knowledge encryption, we do NOT store your PIN or encryption key. If you forget your PIN, your Layer 3 sensitive data (payment cards, stored credentials, documents) cannot be recovered — by you or by us. This is by design: it guarantees that no one else can ever access your data. You can reset your PIN, but previously encrypted data will be lost. We recommend storing your PIN securely.
Can you see my data?
It depends on the layer. Layer 1 (name, email) — yes, we need this to provide the service. Layer 2 (conversations, preferences) — encrypted with our server key, accessible to our systems for service delivery. Layer 3 (cards, credentials, documents) — absolutely not. This data is encrypted with a key derived from YOUR PIN, which we never see or store. We literally cannot decrypt it.
What if your server gets hacked?
In the worst case of a complete database breach, your Layer 3 data remains encrypted with your personal key. An attacker would need to brute-force each user's encryption key individually against 100,000 PBKDF2 iterations — making mass decryption computationally infeasible. Your most sensitive data stays safe even in a breach scenario.
How is this different from regular encryption?
Most services encrypt your data with THEIR key — meaning they (or a hacker who steals their key) can decrypt everything. PayJarvis uses YOUR PIN to derive the encryption key for sensitive data. We never see the key, never store it, and cannot reconstruct it. This is called Zero-Knowledge encryption — the same principle used by Signal, ProtonMail, and 1Password.
Is my data safe during transit?
Yes. All data in transit is protected by HTTPS with TLS 1.3 enforced. Combined with AES-256-GCM at rest and Zero-Knowledge for sensitive items, there are no gaps in the protection chain.

Security is not a feature. It's the foundation.

Read more about how we handle your data and the terms of our service.