ClanIt logo ClanIt ← Back to home
Security & privacy

Security isn't a feature we added. It's the foundation we built on.

Every piece of content is encrypted on your device before it leaves. What reaches our servers is unreadable data that we, Apple, and our own administrators can never open. Only you hold the key.

AES-256-GCM Curve25519 Secure Enclave Zero knowledge
What we can never see
Your documents and their details
Your PIN and memorable word
Your private keys
The names of your clans
If our entire database were copied tomorrow, it would be a wall of ciphertext. Nothing in it can be read without a key that only ever exists on your device.
0
Keys to your data on our servers
0
Analytics or tracking SDKs
256
Bit keys on every piece of content
100%
Encrypted before it leaves your phone
Our commitment

Four principles we don't compromise.

Every design decision is measured against these. When convenience and security conflict, security wins.

Zero knowledge by design

We don't hold the ability to read your content, and we never want it. Encryption happens on your device, so the platform stores only ciphertext it cannot open.

Encryption you can rely on

Standard, well understood building blocks: AES-256-GCM for content, Curve25519 for key exchange, hardware-backed keys in the Secure Enclave. No invented cryptography.

Your keys, your control

Your keys never leave your device, every item carries its own key, and access is granted one item at a time. We give ourselves the least access possible, which is none.

No backdoor, no exceptions

There is no master key on our side and no hidden way in. We can't unlock your content for anyone, including ourselves, and we're honest about the cost: lose your devices and your memorable word, and not even we can bring it back.

Under the hood

What makes ClanIt secure.

The concrete mechanisms behind the promise, each doing one job well.

Encrypted on your device

Content is sealed before it ever touches the network. The server receives an opaque blob and stores it exactly as received.

Keys that never leave your phone

Your private key is generated on device and protected by the Secure Enclave. It is never uploaded, backed up, or transmitted.

A unique key for every item

Each tile item gets its own random content key. Compromising one item never exposes another, and when you share a clan those keys are wrapped for each member's device.

Share a clan, revoke in a tap

Access is granted through clans and withdrawn instantly. Remove a member and every device they own drops that content on its next sync.

Trusted devices only

A device becomes trusted only after proving the memorable word. New devices are provisioned deliberately, and any device can be revoked at once.

No tracking, ever

No analytics SDKs, no advertising identifiers, no data brokers. Logs never contain your content. ClanIt is funded by subscriptions, not your data.

The encryption model

How your data is locked, and only ever unlocked by you.

ClanIt uses envelope encryption: a fast key locks your content, and a key only you hold locks that key. Here is the full chain, in plain terms.

1 Your keys are born on your device

On first sign in, your device generates a Curve25519 key pair. The public key is shareable and lives on the server; the private key is sealed by your PIN and held in the Secure Enclave. It never leaves.

2 Each item gets its own content key

When you save a tile item or note, a fresh random 256-bit key encrypts the content with AES-256-GCM. This data key is used once, for that item alone.

3 The content key is wrapped, not stored

That data key is itself encrypted with your public key, so only your private key can recover it. To share an item, the same key is wrapped for each entitled member's device. No shared passwords, no re-encrypting the content.

4 The server only ever holds ciphertext

Sealed content and wrapped keys are all that sync to the cloud. To read an item, your device unlocks your private key with your PIN, unwraps the data key, and decrypts the content, entirely on device.

The unlock path
Your PIN
Known only to you, never sent
Unlocks your private key
Held in the Secure Enclave
Unwraps the item's data key
A unique 256-bit key per item
Your content, in the clear
Decrypted on device, only for you
Recovery

Getting back in, without us holding a key.

True zero knowledge means we can't reset your access like an ordinary password. Instead, recovery is rooted in something only you hold.

Your memorable word

At setup you choose a memorable word. It never leaves your device, but it lets a new device re-derive access to your keys. Add a new phone and prove the word, and you are back in, with no server ever decrypting anything.

A new device, provisioned safely

Existing trusted devices help bring a new one up to date automatically once it is trusted. Lost a phone? Revoke it, and it loses access to everything the moment it next tries to sync.

The honest limit

If you lose every trusted device and your memorable word, no one can recover your encrypted content, including us. That is the direct cost of real zero knowledge, and we would rather be honest about it than keep a backdoor that defeats the point.

Defense in depth

Encryption is the core. These guard the edges.

Even though content is unreadable without your key, the surrounding system is hardened so the path to it stays clean.

Genuine-app verification

App Attest confirms requests come from the real, unmodified ClanIt app on a genuine Apple device, blocking tampered clients and scripted abuse.

Certificate pinning

The app only talks to ClanIt over connections it can verify, so a fraudulent certificate or intercepting proxy cannot sit in the middle of your traffic.

Rate limiting & abuse controls

Sensitive actions are bounded and monitored, so guessing, flooding, and automated abuse are throttled before they become a problem.

Logs without your content

Operational logs record that something happened, never what it was. No decrypted content, keys, or wrapping material is ever written to a log.

Guarantees

The promises that never bend.

Your content is encrypted before it leaves your device, always.
The server can never read what it stores.
A removed member loses access on their next sync, on every device.
A tile item always has at least its owner entitled, and never zero.
No ads, no trackers, and your data is never sold or mined.
For the technically curious

The building blocks, named.

We use established, public cryptographic primitives. Nothing here is bespoke or secret.

Content encryption
AES-256-GCM, unique key per item
Key exchange & wrapping
Curve25519, per-device wrapped keys
Private key storage
Secure Enclave, PIN-sealed
Identity
Sign in with Apple, no passwords
App & transport integrity
App Attest, certificate pinning
Data at rest on server
Ciphertext only, never plaintext

Common questions

What happens to my data if your servers are breached?
A breach would expose only ciphertext: sealed content and wrapped keys. None of it can be read without a private key that exists solely in your device's Secure Enclave. There is no master key on our side to steal.
What if I forget my PIN?
On a device that is already trusted, you can re-establish a PIN using your memorable word. The PIN protects your key locally; it is never sent to us, so we can neither see it nor reset it for you.
What if I lose all my devices?
Set up a new device and prove your memorable word to regain access to your keys and content. If both the devices and the memorable word are lost, the content cannot be recovered by anyone, including us. It is the honest cost of real zero knowledge.
Do you use my data or show ads?
Never. There are no ads, no analytics SDKs, and no trackers. We could not mine your content even if we wanted to, because it is encrypted to keys we don't hold. ClanIt is funded by subscriptions.
Is the Apple Wallet emergency card encrypted too?
The ICE card you generate for Apple Wallet is the one deliberate exception: it writes the values you choose as plain text onto the pass, so a first responder can read it without your PIN. We tell you this clearly before you generate it. Your encrypted content itself stays zero knowledge throughout.

Security you don't have to think about.

Set a PIN, store what matters, and let the encryption work quietly underneath.

Download ClanIt for iOS