Nothing is impossible for us
Linkedin Envelope

Stealth Safe

Table of Contents

What Stealth Safe Is

Stealth Safe is a security-focused app for storing personal data in encrypted vault files (“briefcases”) while keeping cryptographic control on the user’s side.

It is designed for people who want more than a password-protected notes app. Stealth Safe emphasizes:

  • strong cryptographic protection of vault files
  • user-controlled keys
  • local and cloud-folder storage flexibility
  • direct sharing of decryption access (for supported vault formats) without a mandatory centralized access server

Core Security Principles

1. Your keys protect the vaults

The most important security boundary in Stealth Safe is not the app screen itself, but the cryptographic keys used to decrypt vault files.

This means:

  • encrypted vault files remain unreadable without the correct keys
  • possession of a device or a copied vault file does not automatically provide access to the contents
  • access to a vault depends on the matching security material, not only on a simple app login success/fail state

2. The PIN is for profile access and key management convenience

Stealth Safe uses a PIN code for convenient access to a security profile and day-to-day key management.

Important clarification:

  • the PIN is not a replacement for the vault’s cryptographic keys
  • knowing or guessing a PIN is not the same as possessing the required source keys for a specific vault

In practice, vault security is anchored in cryptographic key material. The PIN improves usability and access flow inside the app.

3. No mandatory centralized access-control service

Stealth Safe is built to avoid a required third-party server that distributes or enforces access permissions between users.

Why this matters:

  • fewer centralized trust dependencies
  • fewer places where access metadata can leak
  • no mandatory provider-side control point over who can decrypt your shared vaults

Stealth Safe supports sharing and collaboration without requiring a centralized service to hold the authority over your vault access.

Why This Is Different

Many products offer “sharing” by routing trust through a vendor-managed backend that controls permissions, membership, or key distribution.

Stealth Safe takes a different approach:

  • encrypted vault files can live in storage locations you choose
  • decryption access can be shared directly between users (for supported vault formats, such as SSBC2)
  • users retain control over where files are stored and who can decrypt them

This reduces reliance on a third-party service as a permanent security bottleneck.

Security Model in Real-World Scenarios

If someone gets access to your device storage

If an attacker gains access to the device file system (or copies your vault files), they still see encrypted containers.

Without the correct keys, they cannot reliably determine:

  • the actual contents of a vault
  • whether a vault contains anything useful to them
  • who can decrypt it

This is a meaningful difference from apps that store data in easily identifiable plaintext or weakly protected formats.

If someone pressures a user to unlock the app

Stealth Safe is designed around security profiles and key-based access, not a simple “one password reveals everything” model.

The critical point remains the same: access to a specific vault requires the matching key material. Visibility of some data on a device does not automatically prove access to all vaults or to any particular encrypted vault file.

How Sharing Works (Vault Access / SSBC2)

Stealth Safe supports collaborative access management for supported vaults (SSBC2).

With Vault Access, users can:

  • add members
  • manage roles (for example owner/editor, depending on the vault setup)
  • share decryption rights directly

Important: access rights are not file delivery

Sharing access in Stealth Safe does not magically move the vault file to another person’s device.

For another user to actually see and use a shared vault:

  1. The encrypted vault file must be placed in a folder both users can access.
  2. That folder can be iCloud Drive, Google Drive, OneDrive, or another shared directory available on the device.
  3. The receiving user must add the corresponding folder path in their Stealth Safe storage settings.

Only when both conditions are met:

  • the user has decryption access, and
  • the user can physically reach the encrypted file

the shared vault becomes usable in the app.

Storage Model

Stealth Safe is flexible about where encrypted vault files are stored.

Supported storage workflows include:

  • local device folders
  • iCloud folders
  • other folders exposed to the device (including shared directories from supported providers)

Stealth Safe manages encryption, decryption access, and vault usage. It is not a hosted cloud storage provider and does not replace your file-sync/storage service.

Security Profile Backup and Recovery

Stealth Safe supports security profile export/import workflows, including QR-based transfer and backup scenarios.

This can be used to:

  • transfer your security profile to another device
  • keep a protected offline backup of the security profile (for recovery scenarios)
  • restore access to existing encrypted vault files after reinstalling or moving devices

Important security note

Profile export may include sensitive key material (including private keys, depending on the export format/workflow).

Best practices:

  • store exported profile data in a secure location
  • treat printed QR backups like highly sensitive secrets
  • do not share profile export data unless you intentionally want to transfer your own security profile

Safety Features in Access Management

To reduce the risk of accidental lockout in shared vaults, Stealth Safe includes protections in Vault Access management (SSBC2 workflows), such as:

  • preventing users from removing their own access in situations that would be dangerous
  • preventing removal of the last remaining owner of a vault

These safeguards are intended to reduce irreversible loss of decryption capability due to UI mistakes.

What You Can Use Stealth Safe For

Typical use cases include:

  • personal encrypted records
  • private notes and sensitive references
  • family-shared secure information
  • small-team shared vaults where users want direct control without a centralized permission server

Quick Start (Suggested Website Version)

  1. Create your security profile and PIN.
  2. Create a new encrypted vault (briefcase).
  3. Add your data to folders/objects inside the vault.
  4. Choose where the vault file will be stored (local folder, iCloud, shared folder, etc.).
  5. For collaboration, use Vault Access (SSBC2) to share decryption access.
  6. Make sure collaborators also have access to the shared folder path and add it in their settings.
  7. Export and securely store a backup of your security profile if needed.

Best Practices

  • Keep profile exports and private-key-related QR codes in a secure place.
  • Use shared folders only with people and storage providers you trust operationally.
  • Remember that file availability and decryption permission are separate requirements for collaboration.
  • Review vault membership and roles regularly in shared setups.
  • Protect the device itself (OS lock, updates, device encryption, backup hygiene).

Limitations and Responsibility Notes

Stealth Safe is designed to reduce central points of failure and improve user control, but no security tool can eliminate all risk.

Security still depends on:

– how safely users handle devices and backups

– whether private keys/profile exports are protected

– how shared folders and external storage providers are configured

– endpoint security on every participating device

FAQ

Does the PIN alone decrypt my vaults?

No. The PIN is used for convenient access to your security profile and key-management workflow. Vault decryption depends on the correct cryptographic keys.

Can I share a vault without using your server?

Yes. Stealth Safe is designed so users can share decryption access directly (for supported vault formats such as SSBC2) without a mandatory centralized access-control server.

If I share access, will the vault automatically appear on the other device?

Not by itself. The recipient also needs access to the encrypted vault file through a shared folder and must configure that folder path in Stealth Safe settings.

What if I lose the app but still have the encrypted files?

If you securely backed up your security profile (for example via the profile export workflow), you can restore the profile and regain access to the vaults encrypted with it.

Website Copy Snippets

Short Product Summary

Stealth Safe stores your data in encrypted vault files with user-controlled keys, direct sharing of decryption access, and no mandatory centralized access-control server.

Security Positioning Summary

Stealth Safe separates file availability from decryption rights: even if someone gets the file, they still need the correct keys. And even if access is shared, the file must still be present in a shared storage location you control.

Polska, Poznań, 60­-369
REGON: 521961673           NIP: 7792539036
Email: info@ilterra.com    Web: ilterra.com

ACCOUNT: PL93 1020 4900 0000 8702 3450 7680
BENEFICIARY: ILTERRA ( YAUHEN PANIMATCHANKA )
BANK OF BENEFICIARY: PKO Bank Polski
Kod BIC PKO Banku Polskiego SA: BPKOPLPW