Where is the key?
Google Drive, OneDrive, Dropbox, iCloud all encrypt your files. The question that actually matters is: who holds the key? A simple explanation of why KarSafe is a vault, not cloud storage — and why every document inside it has its own key.
When I show KarSafe to friends, one question comes up more than half the time:
"Why would anyone be forthcoming about uploading personal tax documents? And if they do, why not just use Google Drive, OneDrive, Dropbox, iCloud, or Box? They're encrypted too."
It's a fair question. Here is the honest answer.
Every cloud provider encrypts. The question is: where is the key?
Google Drive, OneDrive, Dropbox, iCloud, Box — they all encrypt your files. TLS in transit, AES-256 at rest. That part is table stakes.
What actually matters is this: who holds the key that decrypts the file?
With every mainstream cloud storage service, the provider holds the key. They generate it on their servers, keep it in their key management system, and decrypt your file whenever the system needs to — for search indexing, for AI features, for sharing, for policy scans, or when an authority compels them.
That's not wrong. It's what those services are designed to do. But it means:
- A subpoena or government request can deliver your documents in plaintext — the provider has the key to comply.
- Employees with access to the key management system can read your files, subject to internal policy.
- AI and search features index the contents of your documents, often without an explicit per-document opt-in.
- A breach of the provider's key management system means plaintext exposure of everything they store.
The file is encrypted, but the encryption protects the provider's infrastructure from hard-disk theft. It does not protect your documents from the provider.
"What if I encrypt each file myself before uploading?"
This is a reasonable workaround. You can zip files with a password, or run them through a PGP tool or another encryption utility, before dropping the result into Drive or Dropbox. Two problems show up quickly.
Problem one: every document, every time.
You have to remember to encrypt. You have to name the file correctly. You have to keep a record of which password went with which archive. Every time you want to view the document, you download, decrypt, read, and take care not to leave a decrypted copy behind. A year of tax receipts is a lot of repetitions. A decade of them — the retention period Indian tax law actually asks for — is almost impossible to sustain.
Problem two: one password, one key.
If you reuse the same password across all your documents — which almost everyone does — every document is protected by the same key. If one encrypted archive is stolen and the password is guessed, leaked, or reused somewhere else that gets breached, every document in your collection is exposed at once.
To do per-file encryption properly you would need: a different random key for every document, a way to keep track of those keys, a way to unlock them without typing a long password each time, and a way not to lose everything when you change phones.
That is a vault. That is what KarSafe is — designed to do per-document encryption properly, automatically, on a modern iPhone or Android phone.
What a vault actually is
Think of a bank locker. When you rent one, the bank holds one key and you hold the other. Neither of you can open the locker alone — you need both keys, used together.
That separation is the security. The bank cannot open your locker to satisfy its own curiosity, to sell data, or to respond to a casual request. Your locker is private from the bank itself.
Cloud storage is not a vault in that sense. It's a locked warehouse where the provider owns the only key.
KarSafe goes further than a bank locker
A bank locker key is a physical object. You can lose it. You can leave it somewhere. Someone can copy it.
KarSafe's key isn't a physical object. It is reconstructed on your phone, each time you unlock the app, from three things:
- Something you have — this specific phone, registered to your account.
- Something you know — your PIN.
- Something you are — your biometric (Face ID, Touch ID, fingerprint).
All three live on your side. Unlike server-side key generation and key escrow systems that cloud providers use, KarSafe employees cannot decrypt your documents — because the key is with you, not with us. Not a partial copy. Not an escrow copy. Not a master override. The KarSafe server holds only the wrapped form of your files: encrypted blobs that are unreadable without the keys reconstructed on your phone.
A different key for every document
Here's what makes KarSafe more than a neater version of password-protected zip files.
When you add a document to KarSafe, your phone generates a fresh random 256-bit AES-GCM key, just for that one document. The document is encrypted with that key. Only then does anything leave your phone.
Each document gets its own key. No two documents share a key. The per-document keys are themselves wrapped — again on your phone — by a master key derived from your PIN and bound to your device and biometric.
What this means if something goes wrong
The cloud server breach scenario is the one people worry about most — and where per-document keys matter most.
- If a single encrypted document were stolen from the server, the attacker would face AES-256-GCM with a unique key. AES-256 is considered quantum-resistant for its class: the best known quantum attack (Grover's algorithm) reduces its effective strength to 128-bit, which remains beyond reach even for hypothetical large-scale quantum computers. Breaking one document is, in practice, infeasible.
- Even if somehow one document were cracked, every other document in the vault is encrypted with a different key. Compromising one tells the attacker nothing about any other.
- The keys themselves are not on the server at all. Cracking one document does not reveal a master key that unlocks the rest — because the master key is not stored anywhere on the server. It's reconstructed on your phone each time you unlock the app, and it never leaves.
A password-protected zip gives you one wall. A vault with a different key per document gives you a wall between every single document. If anything ever goes wrong on the server side, the blast radius is one file at worst — not your whole tax life.
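The per-document keys described under "A different key for every document", and the one-file blast radius claimed above, as an added Node.js sketch (not KarSafe's code). The scrypt derivation, the `deviceSecret` stand-in for a hardware-keystore secret, the record layout and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit IV; aad binds the ciphertext to its document id.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key, aad or data
}

// Assumption: master key = scrypt(PIN, salt = device secret); the page names no KDF.
// deviceSecret stands in for a high-entropy value held by the phone's keystore and
// released after a biometric check. A short PIN alone could be guessed offline.
function deriveMasterKey(pin, deviceSecret) {
  return crypto.scryptSync(pin, deviceSecret, 32);
}

// On the phone: only `record` (ciphertext + wrapped key) would be uploaded.
function addDocument(masterKey, docId, plaintext) {
  const dek = crypto.randomBytes(32); // fresh 256-bit key for this document only
  const aad = Buffer.from(docId);
  const record = { docId, body: seal(dek, plaintext, aad), wrappedKey: seal(masterKey, dek, aad) };
  return { record, dek }; // dek is returned only so the demo can simulate a leaked key
}

function readDocument(masterKey, record) {
  const aad = Buffer.from(record.docId);
  const dek = open(masterKey, record.wrappedKey, aad);
  return open(dek, record.body, aad);
}

// true if decryption succeeds, false if GCM authentication rejects it.
const canOpen = (fn) => { try { fn(); return true; } catch { return false; } };

// Constructed sample data.
const deviceSecret = crypto.randomBytes(32);
const master = deriveMasterKey('493817', deviceSecret);
const a = addDocument(master, 'form16-2024', Buffer.from('Form 16 contents'));
const b = addDocument(master, 'bank-stmt-2024', Buffer.from('Bank statement contents'));
console.log('leaked key A opens B:', canOpen(() => open(a.dek, b.record.body, Buffer.from(b.record.docId))));
console.log('wrong PIN opens A:', canOpen(() => readDocument(deriveMasterKey('000000', deviceSecret), a.record)));
```

Using the document id as associated data also means a wrapped key copied from one record to another fails authentication instead of silently decrypting.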
What if authorities ask?
This is a fair question, especially for people with foreign income who live with 16-year retention obligations under the Black Money Act. The honest answer:
If a lawful authority compels KarSafe to produce what it stores, what KarSafe can produce is the encrypted blob. The key is not on our side to hand over. To read the document in the clear, someone has to come to you — with your phone, your PIN, and your biometric. That is how a vault differs from a warehouse. The warehouse owner holds the key and can be compelled directly; with a vault, you hold the key and must be present for it to open.
And because each document has its own key, a situation that involves one document does not implicate any other. Nothing cascades. The rest of the vault stays sealed.
Why this matters specifically for tax documents
Tax documents aren't holiday photos. The combination — PAN, salary slips, bank statements, Form 16, foreign income records, rent receipts — is the exact set used to impersonate someone. Losing control of this set is not the same as losing control of a camera roll.
Indian law requires you to retain income proofs for seven years, reassessment cases for ten, and foreign asset evidence for sixteen. Some of these documents sit in storage for more than a decade before anyone asks to see them. A lot can happen to a cloud account, a password, a provider's internal policies, or an industry's security posture in sixteen years. Anything encrypted under a key held by someone else is a long bet on that someone else remaining trustworthy, solvent, and uncompromised.
A vault where the key is reconstructed fresh on your phone each time — and where every document has its own key — takes that bet off the table.
The honest tradeoff
A vault where only you hold the key means there is no reset button. If you lose your phone, forget your PIN, and also lose the 24-word recovery phrase we ask you to write down at setup, your documents cannot be recovered. There is no support team that can retrieve them — not because we won't, but because the keys were never on our side to do so with.
That is the cost of a real vault. It is the same cost you accept when you hold the only key to a safe deposit box. The recovery phrase is the thing to keep safely — and unlike a physical key, a piece of paper in a safe place does not wear out.
In one line
Cloud storage providers encrypt your files. KarSafe encrypts your files with a key they do not hold, and every file gets its own key. That is the difference between a warehouse and a vault.