Security & privacy
How D3 protects you.
D3 holds some of the most sensitive information in your life. We treat that as a sacred responsibility. Here’s exactly how that works under the hood.
Field-level encryption with AES-GCM-256
Sensitive fields — Social Security numbers, account numbers, passwords, PINs, recovery codes — are encrypted in your browser before they ever leave your device. The encryption key is derived from your passphrase using PBKDF2 with SHA-256 and 250,000 iterations, plus a unique 16-byte salt generated for your account. Each encrypted field gets its own random 12-byte IV. The result is stored as v1:base64(IV ‖ ciphertext) in Postgres.
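The scheme described above, written against the browser WebCrypto API as an added example (not D3's own code). The function names are hypothetical, and it assumes the 16-byte GCM authentication tag is appended to the ciphertext, which is WebCrypto's default.

```javascript
// Added example, not D3's code. Browsers and recent Node expose WebCrypto as
// globalThis.crypto; the require() fallback is only for older Node versions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// PBKDF2 (SHA-256, 250,000 iterations, per-account 16-byte salt) -> AES-GCM-256 key.
// extractable=false keeps the raw key bytes out of reach of page scripts.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 250000 },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one field under a fresh random 12-byte IV; returns "v1:base64(IV ‖ ciphertext)".
async function encryptField(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(plaintext)));
  const out = new Uint8Array(iv.length + ct.length);
  out.set(iv, 0);
  out.set(ct, iv.length);
  return "v1:" + toB64(out);
}

// Decrypt a stored field. Unknown versions and truncated blobs are rejected
// up front; modified ciphertext fails the GCM tag check inside decrypt().
async function decryptField(key, stored) {
  if (!stored.startsWith("v1:")) throw new Error("unsupported version");
  const blob = fromB64(stored.slice(3));
  if (blob.length < 12 + 16) throw new Error("blob too short"); // IV + GCM tag
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: blob.slice(0, 12) }, key, blob.slice(12));
  return new TextDecoder().decode(pt);
}
```

A key derived from the wrong passphrase fails the same tag check as tampered data, so decryption rejects instead of returning garbage.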
The passphrase never reaches our servers
Your passphrase exists only in your browser’s memory while you’re actively using D3. We don’t store it, log it, or transmit it. We cannot recover it for you. We strongly recommend writing it down somewhere only you (and ideally a designated representative) can access.
Row-level security in PostgreSQL
Every table that holds your data has user_id = auth.uid() policies enforced by Postgres itself, in addition to the encryption layer. Even if someone obtained an anonymous Supabase API key, they could not query another user’s rows.
Magic-link authentication
D3 uses passwordless sign-in via email magic links. There’s no password to phish, leak, or forget. Sessions live in HTTP-only cookies and are auto-refreshed on each request.
OCR runs server-side, transiently
When you scan a document, the file is sent over TLS to our server and forwarded to Anthropic’s Claude vision model with a 60-second signed URL. Extracted fields are returned to you for review. The file itself remains in your private bucket; we never share or retain it elsewhere.
What we cannot protect against
D3 cannot prevent: someone with physical access to your unlocked device, malicious browser extensions, screen-recording malware on your computer, or anyone you voluntarily share your passphrase with. Treat your D3 like a paper binder full of your most sensitive documents — because it is one, just better organized.
Found a security issue? Email security@flagship.is. We take responsible disclosure seriously and will respond within 48 hours.