Cloud Hosting

Turtl uses encryption to protect your data in such a way that only you, andthose you choose, are able to view your data. Keep reading for a high-leveloverview of Turts encryption and how it protects you.

Simply put, encryption is the process of scrambling data. Generally, this isdone using a key which is usually a passphrase. The only way to de-scramblethe data is using that passphrase.

Turtls encryption works by generating a key for you based on youremail and password. This key is used to lock and unlock (or encrypt anddecrypt) your data and keep it private. All of the encryption in Turtl happensbefore any data leaves the app, meaning that even if someone is snooping in onyour connection or someone hacks our database, everything youve put into Turtlis just gibberish to them.

Without the keys that only you hold, your data is useless.

As mentioned, Turtl creates a key for you when you log in based on your emailand password. It wouldnt be very useful if you had to give people this key whenyou shared data with them because it would give them access to all your data.Instead, Turtl generates a new, random key for each object. This key is whatis sent to people when sharing, allowing them to unlock the specific item yousend them and nothing else.

Keys are stored one of two ways:

If youre looking for a more comprehensive look at how Turtl does encryption,check out the encryption specifics page of the docswhich goes over the ciphers, block modes, and other methods Turtl uses whenhandling your data.

Encryption specifics

Turtl has a feature that keeps you logged in if the app is closed and reopened.This feature may have security implications. Read more about the Stay logged infeature.

Here are some possible scenarios where Turtls security measures will fail you.We try to provide an exhaustive list so youre aware of the dangers of relyingon Turtl.

More:
Security and encryption | Documentation | Turtl