Every claim on this page is verifiable. No trust required — just cryptography.
The Advanced Encryption Standard with 256-bit keys, in Galois/Counter Mode. The same cipher the US National Security Agency approves for Top Secret classification. Cracking it by brute force with every computer on Earth running in parallel would take longer than the age of the universe.
Your password is never used directly as an encryption key. Argon2id — winner of the Password Hashing Competition — transforms it into a cryptographic key while consuming enough memory and time to make automated brute-force attacks computationally infeasible.
Decryption happens entirely inside the recipient's browser using the native Web Crypto API. No file, password, or metadata ever touches a server. FileLocker has no cloud infrastructure — because it needs none.
FileLocker's unlock page uses the Web Crypto API — a cryptography implementation built directly into every modern browser. There are no third-party libraries to audit, no external dependencies to trust, and no network calls to intercept. The decryption key is derived and used entirely in local browser memory, then discarded.
Security is about being specific, not making blanket claims. Here's exactly where FileLocker helps.
The HIPAA Security Rule's technical safeguards call for encryption of electronic protected health information at rest and in transit. FileLocker's offline AES-256 encryption is built to support this requirement for physical media.
Article 32 requires "appropriate technical and organisational measures" including encryption of personal data. Delivering files pre-encrypted on physical media, with decryption keys shared separately, is one such measure.
FileLocker aids compliance — it is not a substitute for a compliance program. Always confirm specifics with your own compliance officer or legal counsel before relying on it for a regulated workflow.
Start delivering sensitive files with encryption your compliance officer can actually verify.