Is my data encrypted?

Yes, we use Zero-Knowledge AES-256 encryption. Only you have the key.

Can Safety Photo staff see my photos?

No. Due to our zero-knowledge architecture, your data is encrypted locally on your device before it ever reaches our servers.

Security Architecture

Security Policy

Last updated: February 25, 2026

AES-256 Encryption

Military-grade encryption standard used by governments and financial institutions worldwide.

Zero-Knowledge Architecture

Your Encryption Password never leaves your device. We cannot access your data — by design.

1. Overview

Safety Photo+Video employs a comprehensive security architecture designed to ensure your photos and videos remain private and protected. This document details our encryption methods, key management approach, and security practices.

Our Zero-Knowledge design means that even if our servers were compromised, your encrypted data would remain secure and unreadable without your Encryption Password.

2. Encryption Password Architecture

Your Encryption Password is Your Key

When you create your Safety Photo+Video account, you choose an Encryption Password. This password is used to derive your unique encryption keys using industry-standard key derivation functions. We never see, store, or transmit your Encryption Password.

How It Works

Password Entry

You enter your Encryption Password on your device

Key Derivation

PBKDF2-SHA256 derives a 256-bit master key from your password

Key Expansion

The master key generates file-specific encryption keys

Local Storage

Keys are stored only in your device's secure enclave

3. AES-256 Encryption Details

We use AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) for all file encryption. This provides:

256-bit key length — 2²⁵⁶ possible combinations

Authenticated encryption — Detects tampering attempts

Unique IV per file — Prevents pattern analysis

NIST approved — Federal standard for classified data

4. Zero-Knowledge Guarantees

Our Zero-Knowledge architecture provides the following security guarantees:

Server Blindness — Our servers store only encrypted blobs with no knowledge of contents
No Backdoors — We cannot create "master keys" or bypass encryption
Subpoena Resistance — We cannot provide decrypted data to any party, including law enforcement
Breach Protection — Even if servers are compromised, your data remains encrypted

5. Infrastructure Security

Enterprise-Grade Infrastructure

Our infrastructure is hosted on SOC 2 Type II compliant data centers with:

• 24/7 physical security and surveillance
• Redundant power and cooling systems
• Geographic distribution for disaster recovery
• Regular third-party security audits

6. Security Best Practices

To maximize the security of your account, we recommend:

Choose a strong, unique Encryption Password (16+ characters recommended)
Store your Encryption Password in a reputable password manager
Keep a physical backup of your Encryption Password in a secure location
Enable biometric authentication on supported devices
Keep your device operating system and app updated
Never share your Encryption Password with anyone, including our support team

7. Security Contact

If you discover a security vulnerability, please report it responsibly to support@safetyphoto.app

We operate a bug bounty program for qualifying security researchers. Please include detailed reproduction steps and refrain from accessing user data or disrupting services during your research.