Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.archivecircle.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Eternum is designed so the server cannot read vault contents.

What stays local

  • The plaintext master key
  • Plaintext vault item content
  • Plaintext trusted-contact shares during activation and release
  • Beneficiary-side reconstructed master key

What the server stores

  • Encrypted vault item metadata and encrypted blobs
  • Encrypted data encryption keys
  • Encrypted or sealed recovery shares
  • Trusted contact and beneficiary records
  • Death verification pipeline state
  • Audit logs and billing records

Server compromise assumptions

If the server is compromised, an attacker may see encrypted blobs, metadata, user emails, pipeline state, and audit records. They should not be able to decrypt vault contents without enough recovery shares and the required client-side keys.
Zero-knowledge vault encryption does not hide all metadata. Item names, contact emails, beneficiary emails, timestamps, and billing records may be visible to the service.