Security

Military-grade encryption and security measures to protect your most sensitive data.

Bank-Level Security

Our Security Commitment

At Oculock, security is not just a feature—it's the foundation of everything we do. We use industry-leading encryption and security practices to ensure your passwords and sensitive data remain protected at all times.

Encryption Standards

How Your Data is Protected

  1. Data Input: Your passwords and sensitive data are entered into Oculock
  2. AES-256 Encryption: All data is encrypted using military-grade AES-256 encryption
  3. Secure Storage: Encrypted data is stored locally on your device
  4. Access Control: Only you can decrypt and access your data with your master password

AES-256 Encryption

We use Advanced Encryption Standard (AES) with 256-bit keys, the same encryption standard used by banks, government agencies, and military organizations worldwide.

Zero-Knowledge Architecture

Oculock operates on a zero-knowledge principle. This means:

  • We cannot see your passwords or sensitive data
  • Your master password is never transmitted to our servers
  • Only you have the key to decrypt your vault
  • We cannot recover your data if you forget your master password

Security Features

Master Password

Your master password is never stored or transmitted. It's used locally to encrypt and decrypt your vault.

Biometric Authentication

Use Touch ID, Face ID, or other biometric authentication for quick and secure access to your vault.

Device Security

Your data is encrypted and stored locally on your device, not on external servers.

Secure Sync

When syncing between devices, all data remains encrypted during transmission and storage.

Auto-Lock

Your vault automatically locks after a period of inactivity to prevent unauthorized access.

Screen Protection

Sensitive fields are hidden from screenshots and screen recordings for additional security.

Data Protection

Local Storage

Your encrypted vault is stored locally on your device. This means:

  • No cloud dependency for basic functionality
  • Faster access to your passwords
  • Works offline without an internet connection
  • Complete control over your data

Network Security

When data is transmitted between devices or to cloud services:

  • All communications use TLS 1.3 encryption
  • Perfect Forward Secrecy ensures session keys are unique
  • Certificate pinning prevents man-in-the-middle attacks
  • No sensitive data is transmitted in plain text

Audit and Compliance

Security Audits

We regularly conduct security audits and penetration testing to identify and address potential vulnerabilities.

Compliance Standards

Oculock is designed to meet or exceed industry security standards including:

  • SOC 2 Type II compliance
  • ISO 27001 security management standards
  • GDPR data protection requirements
  • CCPA privacy regulations

Your Role in Security

While we provide the tools and infrastructure for security, you play a crucial role in keeping your data safe:

Best Practices

  • Strong Master Password: Use a unique, complex master password
  • Regular Updates: Keep Oculock updated to the latest version
  • Device Security: Use device lock screens and keep devices updated
  • Backup Recovery: Set up account recovery options
  • Monitor Access: Regularly review your vault for unauthorized entries

Incident Response

In the unlikely event of a security incident, we have comprehensive response procedures:

  • Immediate containment and assessment
  • User notification within 72 hours
  • Detailed incident reporting
  • Implementation of additional security measures

Contact Security Team

If you discover a security vulnerability or have security concerns, please contact our security team:

  • Email: security@oculock.com
  • PGP Key: Available on our security page
  • Bug Bounty: We offer rewards for responsibly disclosed vulnerabilities

Your Security is Our Priority