A visual security guide

See what happens to your information.

Stax Pass is built so your private information is locked on your device before protected records are synced. This page shows the path, the limits, and what you need to keep safe.

No hype. No “trust us” language. Just how the protection is designed to work.

The vault journey

Readable for you. Protected before it travels.

When you save something, the app is designed to protect it locally first. The service can then carry and sync the protected record without needing the readable content inside.

Readable only on your unlocked deviceProtected record carried for syncAccount and device information still helps the service operate

Two different kinds of security

Your account entrance is not your vault key.

It is important not to mix these up. Email and device checks help stop strangers from entering your account. Your password and recovery phrase are what unlock your vault.

Account entrance

Email verification and device approval

These checks help confirm an email inbox and approve a new device. A six-digit email code is short-lived and should stay private.

It cannot decrypt your vault.

Vault unlock

Your password or recovery phrase

These secrets are used locally to unlock protected key material. They are not interchangeable with an email code or a support request.

These are the paths into your vault.

How the keys fit together

One unlock opens the next layer—not everything at once.

This is a simplified map of the local key structure. Select a layer to see its job.

Private sign-in proof

How can the service verify you without keeping your password?

Stax Pass uses a password and recovery authentication system called OPAQUE. In plain English: your app and the service perform a protected proof. The service can confirm the proof without receiving the raw password or recovery words as a reusable secret.

Your device
Your password
stays here
protected proof
Stax Pass service
Proof checks out
Approved

The service sees the protected authentication exchange—not a customer-support list of raw passwords or recovery phrases.

Recovery, without fine print

Know your path back in before you need it.

Your 12- or 24-word phrase is an alternate way to unlock your User Root Key. It is not a customer-service reset code. Choose a situation below.

You still have your recovery phrase

You have a recovery path.

Use the recovery phrase on a new device to prove access and set a new password. Afterward, store the password and phrase separately and securely.

Support does not need to see the phrase to help the recovery flow work.
!

The non-negotiable part: if both your password and recovery phrase are gone, and you no longer have an unlocked device, the vault cannot be decrypted. Stax Pass cannot rebuild the key, reset the vault open, or use an administrator backdoor—because we do not keep one.

Technical reference

The names behind the protection.

These are public, reviewed cryptographic tools—not secret algorithms. The important part is what each one does for you.

01

XChaCha20-Poly1305

Vault encryption and tamper detection

Acts as the lock and tamper seal on a protected vault record. It is designed to keep contents unreadable without the right key and reject a record that was modified.

Does not protect an already unlocked device.
02

Argon2id

Password-derived unlock material

Deliberately makes deriving unlock material from a password expensive. That makes large-scale guessing harder and slower for an attacker.

Does not turn a weak or reused password into a safe one.
03

RFC 9807 OPAQUE

Password and recovery authentication

Lets the app prove your password or recovery phrase during sign-in without giving the API the raw words as a reusable secret.

Does not eliminate the need to protect your email and devices.
04

HPKE · X25519 · HKDF-SHA256

Recipient-specific secure sharing

When sharing is used, these tools make a protected copy for the intended recipient instead of exposing a shared vault key as readable data.

Sharing still depends on choosing and trusting the right recipient.

The local crypto core is designed to use secure operating-system randomness and fail closed: damaged or unauthenticated protected data should be rejected, not quietly accepted.

Your part matters

Protect your two paths in.

Use a strong, unique password. Keep your recovery phrase private and offline. Never share a verification code, password, or recovery phrase with anyone who contacts you.

Ask a security question