Our Security Principles

Transparency builds trust. Here's exactly how we protect your API keys.


Zero-Knowledge Architecture

A security model where the service provider has no access to user data. In Cirklu's case, we never see, store, or transmit your actual API keys in plain text.

Related: End-to-end Encryption, Client-side Security, Privacy by Design

AES-256 Encryption

The Advanced Encryption Standard with 256-bit keys. Military-grade encryption used by governments and banks. A 256-bit key has 2^256 possible values, making a brute-force key search computationally infeasible.

Related: Symmetric Encryption, Block Cipher, Cryptographic Security

Zero-Knowledge Architecture

What We Never See:

  • ❌ Your actual API keys
  • ❌ Unencrypted data in transit
  • ❌ Your browsing patterns
  • ❌ Which services you use

How We Ensure It:

  • ✅ All encryption happens locally
  • ✅ No key material leaves your device
  • ✅ Open source for auditing
  • ✅ Minimal permissions requested

Encryption Standard

Algorithm: AES-256-GCM
Key Derivation: PBKDF2 (100,000 iterations)
Random Generation: Crypto.getRandomValues()
Implementation: Web Crypto API
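
The parameters listed above, exercised end to end with the Web Crypto API. This is an added example, not Cirklu's code; the PBKDF2 hash (SHA-256), the salt and IV sizes, the record layout and the `label` associated-data field are assumptions the page does not specify.

```javascript
// Added example, not Cirklu's code. From the page: AES-256-GCM, PBKDF2 with
// 100,000 iterations, getRandomValues(), Web Crypto API. Assumptions: HMAC-SHA-256
// as the PBKDF2 hash, 16-byte salt, 12-byte IV, record = salt || iv || ciphertext+tag.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback: older Node
const ITERATIONS = 100000, enc = new TextEncoder();

async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey('raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']); // non-extractable
}

// `label` (hypothetical: the service a key belongs to) is bound in as GCM associated data.
async function sealApiKey(passphrase, apiKey, label) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per record
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reused under one key
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(label) }, key, enc.encode(apiKey)));
  const record = new Uint8Array(28 + ct.length);
  record.set(salt, 0); record.set(iv, 16); record.set(ct, 28);
  return record;
}

async function openApiKey(passphrase, record, label) {
  const salt = record.slice(0, 16), iv = record.slice(16, 28), ct = record.slice(28);
  const key = await deriveKey(passphrase, salt);
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv, additionalData: enc.encode(label) }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // tag check failed: wrong passphrase, wrong label, or altered record
  }
}

async function demo() {
  const secret = 'sk-test-CONSTRUCTED-0000'; // constructed sample, not a real key
  const rec = await sealApiKey('correct horse', secret, 'service-a');
  const flipped = rec.slice(); flipped[flipped.length - 1] ^= 1; // one bit changed at rest
  return {
    roundTrip: await openApiKey('correct horse', rec, 'service-a'),
    wrongPass: await openApiKey('wrong horse', rec, 'service-a'),
    wrongLabel: await openApiKey('correct horse', rec, 'service-b'),
    tampered: await openApiKey('correct horse', flipped, 'service-a'),
    overhead: rec.length - secret.length, // 16 salt + 12 IV + 16 tag = 44
  };
}
```

`demo()` resolves to the recovered key for the correct passphrase and `null` for a wrong passphrase, a wrong label, or a single flipped bit. The iteration count is the page's figure; OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000.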

Data Storage

Location: Your device only
Method: Chrome's encrypted storage
Sync: Encrypted across your devices
Servers: Zero persistent storage

Security Audit

~ security checklist
$ cirklu --security-audit
Encryption: AES-256-GCM ........................... ✅ PASS
🔑 Key Management: Local-only ......................... ✅ PASS
Network: Zero key transmission .................... ✅ PASS
📱 Permissions: Minimal required ....................... ✅ PASS
🛡️ Manifest V3: Latest security standard .............. ✅ PASS
📖 Open Source: Planned post-validation ................ 📅 ROADMAP
🚫 Telemetry: No usage tracking ....................... ✅ PASS
Security Score: 9/10 ✨ EXCELLENT (Open Source: In Progress)

Transparency Roadmap

We believe security through obscurity is not security at all. Here's our methodical approach to full transparency and validation.


Live Hack Challenge

Community validation

✅ ACTIVE NOW

Independent Audit

Professional security review

📅 UPCOMING

Core Module Open-Sourcing

Full code transparency

⏳ PLANNED
πŸ†

SOC2 Certification

Enterprise compliance

🎯 GOAL

Security Questions?

We welcome security researchers and encourage responsible disclosure.

📧 security@cirklu.com