Guided Security Tour

Secure

Step through each security layer. Learn why each measure exists, what it prevents, and what happens in failure scenarios. Click any step to expand it.

This is a sales tool: Walk a prospective client through this tour to explain why their data is safe. Each step answers the question: what would an attacker need to compromise to reach plaintext data?

Why It Matters

Even with HTTPS, servers could log request bodies, be compromised, or have buggy code. Client-side encryption means the server only ever receives ciphertext - your SSN is unreadable by the application code itself.

What Happens

When you type an SSN and click away, the browser runs AES-256-GCM encryption using the Web Crypto API. The plaintext is immediately wiped from React state. Only the ciphertext is sent over the network.

What Happens If...

Correct SSN entered→Allowed

Encrypted client-side → stored as ciphertext → only masked value shown

Server gets compromised→Blocked

Attacker sees only ciphertext. DEK is separate from data. Double-encrypted.

Network traffic intercepted→Blocked

Layer 2 (HTTPS) + Layer 3 (AES-GCM) both broken before this matters

🛡

Ready to see it live?

Each layer is demonstrated in the interactive demo pages. Try submitting a real (fake) SSN and watch the encryption happen in real time.

Guided Security Tour

Client-Side Encryption

Why It Matters

What Happens

What Happens If...

3-Factor Authentication

Auto-Clear Display

Device Trust

IP Allowlist

Immutable Audit Log

Envelope Encryption

Ready to see it live?