Encryption
Strong encryption, used correctly, everywhere it matters.
Encryption is only as good as the way it's used. This page lays out the algorithms, key management, and trust model behind every WordsLater message - so you can verify, not just trust.
Encryption at a Glance
AES-256-GCM
At Rest
Every message body, attachment, photo, and recording is encrypted with AES-256 in GCM mode before being written to storage. AES-256 is the same standard used by banks, governments, and the NSA for top-secret data.
TLS 1.3
In Transit
Every connection between your browser and WordsLater - and between WordsLater and our delivery providers - is protected with TLS 1.3 using strong, modern cipher suites. HTTP is permanently redirected to HTTPS, and HSTS is preloaded.
Per-message data keys
Envelope Encryption
Each message has its own unique data encryption key (DEK). DEKs are themselves encrypted by a master key managed in a hardware-backed key vault. A breach of storage alone is not a breach of content.
HSM-backed
Hardware Key Management
Master keys are stored in a FIPS 140-2 Level 3 validated hardware security module. The raw key material can never be exported - only used to wrap or unwrap data keys inside the HSM.
Zero-knowledge
Vault Items
Items you place in the secure vault (sensitive documents, account passwords for loved ones, account recovery letters) are encrypted with a key derived from your master passphrase. WordsLater never sees that passphrase. Even with our entire database, we cannot read your vault.
bcrypt
Password Storage
Passwords are never stored in plain text. We use bcrypt with a per-user salt and a tuned work factor so that even a stolen database remains infeasible to brute-force.
Standards Reference
| Layer | Algorithm | Key Size | Notes |
|---|---|---|---|
| Symmetric (at rest) | AES-GCM | 256-bit | Authenticated encryption (confidentiality + integrity). |
| Transport | TLS 1.3 | ECDHE + AES-GCM / ChaCha20 | Forward secrecy on every session. |
| Asymmetric (key exchange) | X25519 / RSA-2048+ | 256-bit / 2048-bit | Used in TLS handshakes and key wrapping. |
| Key derivation (vault) | Argon2id | memory-hard | Resistant to GPU and custom-hardware attacks. |
| Password hashing | bcrypt | per-user salt | Tuned work factor; rehashed on login as needed. |
| Signing & tokens | HMAC-SHA-256 / Ed25519 | 256-bit | For session tokens, API tokens, and email links. |
Who Holds the Keys?
Encryption is not magic; it's about who holds the keys. Here is who can access what, by design.
| Data | You | Recipient | WordsLater staff |
|---|---|---|---|
| Scheduled message body | Read & edit anytime before delivery | Read at delivery | No content access during normal operations |
| Attachments | Read & replace anytime before delivery | Download at delivery | No content access during normal operations |
| Vault items | Read with your passphrase | Read only after explicit release | Never. Zero-knowledge encryption. |
| Metadata (recipients, dates, file names) | Read & edit | Visible when message is delivered | Access for delivery, billing, abuse prevention |
| Payment details | Last 4 digits only | No access | No access (handled by PCI-compliant processor) |
About zero-knowledge vault items
Zero-knowledge means exactly that: we cannot decrypt your vault, ever, for any reason. The trade-off is that if you forget your vault passphrase, the contents are permanently inaccessible - not even WordsLater can help you recover them. We strongly recommend writing your passphrase down and storing it with a trusted person, in a safe deposit box, or in a sealed envelope alongside your other estate documents.
Key Rotation & Crypto-Agility
Annual master-key rotation
Master keys in our key vault are rotated at least annually, and on demand if a rotation event is needed. Older keys remain available only to unwrap historical data keys.
Crypto-agility
The encryption layer is versioned. When the industry moves to a new standard, we can roll forward without rewriting messages - new content is encrypted with the new scheme, old content remains readable with the old.
Want the bigger picture?
See how encryption fits into our broader security and data handling.
Security overview Data retention & custody