Zero-Knowledge Encryption
Your medical records are encrypted before they leave your device. We literally cannot read your data - and that's by design.
What does "zero-knowledge" mean?
When we say zero-knowledge, we mean it architecturally. Your data is encrypted on your device using keys that only you control. When your encrypted data reaches our servers, it's just meaningless bytes to us.
This isn't marketing language - it's a fundamental design choice. Even if someone compromised our servers, they'd get nothing useful. No medical records, no family member names, no attachment contents.
How it works
Recordwell uses a layered encryption approach:
- Your Primary Key - Derived from your password using Argon2id, a modern password hashing algorithm designed to resist password-guessing attacks. This key never leaves your device.
- Family Member Keys - Each person in your family has their own encryption key. Emma's records are encrypted separately from Liam's.
- AES-256-GCM - Industry-standard encryption for all your medical records. The same encryption used by banks and governments.
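The layered approach above, written out as an added example that is not Recordwell's code: a password is stretched with Argon2id into a primary key, HKDF-SHA256 derives an independent key per family member and per record from it, and each record is sealed with AES-256-GCM. The labels, Argon2 parameters, blob layout, sample password and sample record are assumptions made for this illustration, and the scrypt fallback exists only so the demo runs on an OpenSSL build without Argon2 support.

```python
# Added example (not Recordwell's code): a minimal key hierarchy of the shape the page
# describes. Labels, parameters, blob layout and sample data are assumptions.
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

KEY_LEN = 32     # AES-256 key size
NONCE_LEN = 12   # standard GCM nonce size; the 16-byte tag is appended by AESGCM
DEMO_SALT = bytes(16)                          # constructed per-account salt (never reuse in practice)
DEMO_PASSWORD = b"correct horse battery staple"  # constructed password
DEMO_RECORD = b"Allergy: penicillin"           # constructed record content

def derive_primary_key(password: bytes, salt: bytes) -> bytes:
    """Stretch the password into the primary key with Argon2id, as the page states.
    If this OpenSSL build lacks Argon2, fall back to scrypt (also memory-hard) so the
    demo still runs; the fallback is a stand-in, not what the page specifies."""
    try:
        from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
        return Argon2id(salt=salt, length=KEY_LEN, iterations=3, lanes=4,
                        memory_cost=32 * 1024).derive(password)
    except Exception:  # ImportError on older cryptography, or UnsupportedAlgorithm
        return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=KEY_LEN)

def derive_subkey(parent: bytes, label: bytes) -> bytes:
    """HKDF-SHA256 with a distinct info label per purpose, so sibling keys are
    independent: Emma's member key reveals nothing about Liam's."""
    return HKDF(algorithm=hashes.SHA256(), length=KEY_LEN, salt=None, info=label).derive(parent)

def member_key(primary: bytes, member_id: bytes) -> bytes:
    return derive_subkey(primary, b"recordwell-demo/member/" + member_id)

def record_key(primary: bytes, member_id: bytes, record_id: bytes) -> bytes:
    return derive_subkey(member_key(primary, member_id), b"recordwell-demo/record/" + record_id)

def seal_record(primary: bytes, member_id: bytes, record_id: bytes, plaintext: bytes) -> bytes:
    """Encrypt one record on the device. Member and record ids are bound as associated
    data, so a blob re-filed under another member or record id fails to authenticate."""
    nonce = os.urandom(NONCE_LEN)
    aad = member_id + b"/" + record_id
    ct = AESGCM(record_key(primary, member_id, record_id)).encrypt(nonce, plaintext, aad)
    return nonce + ct  # nonce || ciphertext || GCM tag: the only thing the server stores

def open_record(primary: bytes, member_id: bytes, record_id: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    aad = member_id + b"/" + record_id
    return AESGCM(record_key(primary, member_id, record_id)).decrypt(nonce, ct, aad)

def can_open(primary: bytes, member_id: bytes, record_id: bytes, blob: bytes) -> bool:
    """True only when key and context both match; GCM rejects everything else."""
    try:
        open_record(primary, member_id, record_id, blob)
        return True
    except InvalidTag:
        return False

def server_view(blob: bytes) -> dict:
    """Everything the server can learn from a stored blob is its size
    (and, in practice, the time it arrived)."""
    return {"blob_size": len(blob)}

def run_checks() -> dict:
    """Exercise the hierarchy on the constructed record and report what holds."""
    primary = derive_primary_key(DEMO_PASSWORD, DEMO_SALT)
    wrong = derive_primary_key(b"wrong password", DEMO_SALT)
    blob = seal_record(primary, b"emma", b"rec-001", DEMO_RECORD)
    return {
        "roundtrip_ok": open_record(primary, b"emma", b"rec-001", blob) == DEMO_RECORD,
        "wrong_member_fails": not can_open(primary, b"liam", b"rec-001", blob),
        "wrong_password_fails": not can_open(wrong, b"emma", b"rec-001", blob),
        "moved_record_fails": not can_open(primary, b"emma", b"rec-002", blob),
        "server_learns": server_view(blob),
    }

if __name__ == "__main__":
    print(run_checks())
```

The point of the per-purpose HKDF labels is containment: a key for one family member or one record cannot be turned into a key for another, and the associated data means a blob cannot be quietly re-filed under a different person. The server-side view is deliberately reduced to a byte count.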
Technical standards
We use well-established, audited cryptographic standards - no homegrown crypto:
- AES-256-GCM - Authenticated encryption for all record data. NIST-approved, used by governments worldwide.
- Argon2id - Password-based key derivation. Winner of the Password Hashing Competition, designed to resist GPU and ASIC attacks.
- X25519 - Elliptic curve Diffie-Hellman for key exchange when sharing records between family members.
- OPAQUE (RFC 9807) - Asymmetric password-authenticated key exchange for login. Your password is never sent to or seen by our server - not even as a hash. This also means we cannot confirm whether any specific person has registered for the service.
- HKDF-SHA256 - Key derivation for generating per-record and per-member encryption keys from your primary key.
On iOS, we use Apple's CryptoKit framework, which provides hardware-backed implementations where available.
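The X25519 bullet above covers sharing between family members. As an added example that is not Recordwell's code, the exchange below wraps one member's key for another member: an ephemeral X25519 agreement yields a shared secret, HKDF-SHA256 turns it into a wrapping key, and AES-256-GCM seals the member key with the sender, recipient and both public keys bound as associated data. The envelope format, labels and identities are assumptions for this illustration; the server relays the envelope and learns only who is sharing with whom.

```python
# Added example (not Recordwell's code): wrapping a member key for another family member
# with X25519 + HKDF-SHA256 + AES-256-GCM. Envelope format and labels are assumptions.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def raw(pub: X25519PublicKey) -> bytes:
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def wrap_key_for(shared: bytes, context: bytes) -> bytes:
    """Both sides derive the same wrapping key from the X25519 shared secret and the
    sharing context, so a relabelled envelope derives a different key and fails."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"recordwell-demo/share-wrap/" + context).derive(shared)

def share_key(sender_id: bytes, recipient_id: bytes,
              recipient_pub: X25519PublicKey, member_key: bytes) -> dict:
    """Sender side: fresh ephemeral key pair per share, then seal the member key."""
    eph = X25519PrivateKey.generate()
    shared = eph.exchange(recipient_pub)
    context = sender_id + b"->" + recipient_id + raw(eph.public_key()) + raw(recipient_pub)
    nonce = os.urandom(12)
    wrapped = AESGCM(wrap_key_for(shared, context)).encrypt(nonce, member_key, context)
    # This dict is what the server stores and relays: two identities and opaque bytes.
    return {"from": sender_id, "to": recipient_id, "eph_pub": raw(eph.public_key()),
            "nonce": nonce, "wrapped_key": wrapped}

def accept_key(envelope: dict, recipient_priv: X25519PrivateKey) -> bytes:
    """Recipient side: rebuild the context from the envelope plus its own public key."""
    eph_pub = X25519PublicKey.from_public_bytes(envelope["eph_pub"])
    shared = recipient_priv.exchange(eph_pub)
    context = (envelope["from"] + b"->" + envelope["to"] + envelope["eph_pub"]
               + raw(recipient_priv.public_key()))
    return AESGCM(wrap_key_for(shared, context)).decrypt(
        envelope["nonce"], envelope["wrapped_key"], context)

def run_checks() -> dict:
    """Constructed scenario: Emma shares her member key with Liam via the server."""
    liam = X25519PrivateKey.generate()            # Liam's long-term key pair (constructed)
    bystander = X25519PrivateKey.generate()       # any other key holder, e.g. the server
    emma_member_key = os.urandom(32)              # Emma's member key (constructed)
    env = share_key(b"emma", b"liam", liam.public_key(), emma_member_key)
    recovered = accept_key(env, liam)
    try:
        accept_key(env, bystander)
        other_ok = True
    except InvalidTag:
        other_ok = False
    relabelled = dict(env, to=b"mallory")         # the relay rewrote the recipient field
    try:
        accept_key(relabelled, liam)
        relabel_ok = True
    except InvalidTag:
        relabel_ok = False
    return {
        "recipient_recovers_key": recovered == emma_member_key,
        "other_private_key_fails": not other_ok,
        "relabelled_envelope_fails": not relabel_ok,
        "relay_sees_identities": (env["from"], env["to"]) == (b"emma", b"liam"),
        "relay_sees_plain_key": emma_member_key in env["wrapped_key"],
    }

if __name__ == "__main__":
    print(run_checks())
```

The envelope deliberately carries the sender and recipient identities in the clear, which is exactly the "who shares with whom" the page says the server can see, while the member key itself only ever appears inside the GCM ciphertext.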
What we can see
We believe in being honest about privacy trade-offs. Our server can see:
- When you sync (timestamps)
- How much encrypted data you store (blob sizes)
- Who shares with whom (we can see that person A shares with person B, but not what they share)
Notably, because of OPAQUE, we cannot actually confirm that any particular person has an account. We store cryptographic material that lets you prove you know your password, but we cannot use it to identify you.
Our server cannot see:
- Any medical record content
- Family member names
- Attachment contents or filenames
- Your password or encryption keys
Verify it yourself
Recordwell is open source. You can audit the encryption implementation, review our architecture decisions, and verify our claims. We encourage security researchers to examine our code.