How we protect your data
Linkbase uses end-to-end encryption, meaning your data is encrypted on your device before it ever reaches our servers. We never have access to your encryption keys or unencrypted data.
When you create an account, a unique encryption key is derived from your password using PBKDF2 with 100,000 iterations and a random salt. This key never leaves your device.
All your content (library names, descriptions, links) is encrypted in your browser using AES-256-GCM before being sent to our servers. Each piece of data uses a unique initialization vector (IV).
Our servers only store encrypted blobs. We have no way to decrypt this data. Even our database administrators cannot read your content.
When you access your data, the encrypted content is sent to your device where it's decrypted using your key. The decrypted data only exists in your browser's memory.
| Encryption Algorithm | AES-256-GCM |
| Key Derivation | PBKDF2-SHA256 |
| Key Derivation Iterations | 100,000 |
| Key Size | 256 bits |
| IV Size | 96 bits (12 bytes) |
| Salt Size | 128 bits (16 bytes) |
| Password Hashing | bcrypt (cost 10) |
Complete Privacy: Nobody—not even us—can read your data.
Protection from Breaches: Even if our servers were compromised, attackers would only get encrypted data they cannot decrypt.
Legal Protection: We cannot be compelled to hand over readable data because we don't have access to it.
Because we use true end-to-end encryption, we cannot recover your data if you forget your password. Your password is the only key to your encryption. Please store it safely and consider using a password manager.
Our encryption implementation uses the Web Crypto API, a browser-native cryptographic library that has been thoroughly audited and is considered industry standard.
Questions about our encryption? Contact us at security@linkbase.codes