Security

Military-grade is not marketing. It is mathematics.

Every claim on this page is verifiable. No trust required — just cryptography.

01

AES-256-GCM Encryption

The Advanced Encryption Standard with 256-bit keys, in Galois/Counter Mode. The same cipher the US National Security Agency approves for Top Secret classification. Cracking it by brute force with every computer on Earth running in parallel would take longer than the age of the universe.

02

Argon2id Key Derivation

Your password is never used directly as an encryption key. Argon2id — winner of the Password Hashing Competition — transforms it into a cryptographic key while consuming enough memory and time to make automated brute-force attacks computationally infeasible.

03

Zero Data Transmission

Decryption happens entirely inside the recipient's browser using the native Web Crypto API. No file, password, or metadata ever touches a server. FileLocker has no cloud infrastructure — because it needs none.

Web Crypto API

Decryption runs in the browser. Nowhere else.

FileLocker's unlock page uses the Web Crypto API — a cryptography implementation built directly into every modern browser. There are no third-party libraries to audit, no external dependencies to trust, and no network calls to intercept. The decryption key is derived and used entirely in local browser memory, then discarded.

AES-256-GCM
Argon2id KDF
Web Crypto API
Zero Transmission
No Cloud Infra
Offline-First
Threat model

What FileLocker protects against — and what it doesn't.

Security is about being specific, not making blanket claims. Here's exactly where FileLocker helps.

USB drive lost or stolen Protected
File intercepted during physical handoff Protected
Unauthorized third party opens the drive Protected
Cloud provider data breach Not applicable — no cloud used
Forgotten password with no hint saved No recovery — by design
Compliance

Built for regulated workflows.

HIPAA § 164.312

The HIPAA Security Rule's technical safeguards call for encryption of electronic protected health information at rest and in transit. FileLocker's offline AES-256 encryption is built to support this requirement for physical media.

GDPR Article 32

Article 32 requires "appropriate technical and organisational measures" including encryption of personal data. Delivering files pre-encrypted on physical media, with decryption keys shared separately, is one such measure.

Verify with your compliance officer

FileLocker aids compliance — it is not a substitute for a compliance program. Always confirm specifics with your own compliance officer or legal counsel before relying on it for a regulated workflow.

Trust is earned through mathematics, not marketing.

Start delivering sensitive files with encryption your compliance officer can actually verify.