Zero-Knowledge Security
Your data is encrypted in the browser. Our servers never see plaintext. Protected by mathematics, not just policy.
How It Works
Encrypt
Data is encrypted client-side using AES-256-GCM before leaving the browser.
Transmit
Only ciphertext travels over TLS 1.3. Our servers store encrypted blobs they cannot read.
Decrypt
Organization keys (RSA-2048) decrypt data only for authorized users in the browser.
Security Features
Client-Side Encryption
AES-256-GCM + RSA-2048
PII Auto-Detection & Redaction
Emails, phones, SSN, Aadhaar, PAN
Metadata Stripping
EXIF, PDF metadata, GPS data
Immutable Audit Trail
Database-trigger level, cannot be bypassed
Row-Level Security
PostgreSQL RLS, complete tenant isolation
Role-Based Access Control
Reporter, Intake Officer, Investigator, Administrator
Multi-Region Data Residency
Frankfurt, Mumbai, Virginia
Multi-Factor Authentication
TOTP + email fallback
Certifications
ISO 27001 certified
SOC 2 Type II certified
Independent zero-knowledge security audit
GDPR compliant (DPA available)
Responsible Disclosure
Found a vulnerability? We appreciate responsible disclosure. Please report security concerns to security@lisnto.me.