How HeroVault Works
HeroVault is built around one idea: you should be the only one who can unlock your vault. Not us. Not anyone else.
Client-side encryption
Your vault is encrypted before it leaves your device
Everything is encrypted fully client-side using AES-256-GCM. We never receive unencrypted vault data, and we never store your encryption keys.
What this means:
Key fragmentation
No single key to steal
Instead of relying on a single "master key", HeroVault splits the vault key into fragments using Shamir's Secret Sharing (SSS).
What this means:
NFT Access Key
Your NFT is the authorization layer
Your NFT acts as the proof that you're the rightful owner of the vault. Only NFT ownership can authorize the reconstruction of the fragments needed to unlock your data.
This authorization mechanism is built on Ternoa, a blockchain infrastructure designed for secure data ownership. Ternoa’s protocol has been independently audited, providing a robust foundation for NFT-based access control.
What this means:
Backup & recovery
Recovery is real — but sovereignty has a cost
During setup, you download a backup file. This backup is required to restore access later.
Important: If you lose your backup and you lose access to your NFT, we cannot recover your vault. That's the tradeoff of true zero-knowledge sovereignty.
Storage on private IPFS
Your encrypted vault isn't trapped on our servers
Your encrypted vault is stored on a private IPFS network (distributed nodes). Even if HeroVault disappears, your encrypted vault remains available.
What this means:
Email Aliasing
Hide your real email everywhere
HeroVault includes email aliasing powered by HeroMail:
What this means:
Autofill
Autofill that's built to be reliable
HeroVault focuses on reliable autofill for login forms. We use lightweight AI-enhanced detection to improve recognition without slowing down your browser.
Be the hero of your data
No master password. No central authority. Just you and your vault. Join the beta and take control.