Security you can understand
No marketing speak. Here's exactly what we store, what we never store, and how we protect your data.
What we store
Wallet nicknames
The friendly name you give a wallet, like 'Main Bitcoin'.
Recovery guide text
The plain-English instructions you write yourself.
Beneficiary contact info
Name and email so we know who to notify.
Account credentials
Email + bcrypt-hashed password. Your plain password is never stored.
What we NEVER store
Private keys
Never. Not encrypted, not hashed. Never transmitted to our servers.
Seed phrases
Your 12 or 24 word recovery phrase never touches CharonPass.
Wallet passwords or PINs
We store notes you write — we never ask for actual passwords.
Exact crypto balances
We only store a value range you choose, like '$10k-$50k'.
Encryption & Infrastructure
AES-256 at rest
All stored data is encrypted with AES-256, the same standard used by banks and governments.
TLS 1.3 in transit
All data transmitted between your browser and our servers is encrypted with TLS 1.3.
PostgreSQL + backups
Data is stored in a managed PostgreSQL database with daily encrypted backups and point-in-time recovery.
GDPR Compliance
Data portability
You can request a full export of all your data at any time from your account settings.
Right to deletion
You can permanently delete your account and all associated data. This is irreversible.
Data minimization
We only collect what we need to provide the service. We don't track behavior or sell data.
Breach notification
In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.