Security Overview
Security is the foundation of TorrinPass. We use the same encryption standards trusted by governments, banks, and security professionals worldwide.
Our Security Principles
Section titled “Our Security Principles”1. Zero-Knowledge Architecture
Section titled “1. Zero-Knowledge Architecture”We never see your master password or your data. All encryption happens on your device.
2. Defense in Depth
Section titled “2. Defense in Depth”Multiple layers of security protect your data, so a single failure doesn’t compromise everything.
3. Open Standards
Section titled “3. Open Standards”We use proven, audited cryptographic algorithms—not proprietary “security through obscurity.”
4. Minimal Data Collection
Section titled “4. Minimal Data Collection”We only collect what’s absolutely necessary to provide the service.
Encryption Stack
Section titled “Encryption Stack”| Layer | Technology | Purpose |
|---|---|---|
| Key Derivation | PBKDF2-SHA256 (210,000 iterations) | Protect master password |
| Data Encryption | AES-256-GCM | Encrypt passwords |
| Password Sharing | P256 ECIES | End-to-end encrypted sharing |
| Transport | TLS 1.3 | Secure network communication |
| Local Storage | iOS Keychain + Core Data | Secure device storage |
Security Features
Section titled “Security Features”Military-grade authenticated encryption for all your data.
We can’t access your data—even if we wanted to.
210,000 iterations protect your master password from brute-force attacks.
End-to-end encrypted sharing using elliptic curve cryptography.
Device Security
Section titled “Device Security”Biometric Protection
Section titled “Biometric Protection”Face ID and Touch ID provide convenient, secure access.
Secure Enclave
Section titled “Secure Enclave”Your master password is protected by Apple’s hardware security module.
Auto-Lock
Section titled “Auto-Lock”TorrinPass automatically locks after a configurable timeout.
Clipboard Clearing
Section titled “Clipboard Clearing”Copied passwords are automatically cleared from clipboard.
Cloud Security
Section titled “Cloud Security”Firebase Security
Section titled “Firebase Security”- Data encrypted before upload
- Firestore security rules prevent unauthorized access
- No server-side decryption possible
Sync Security
Section titled “Sync Security”- All synced data is encrypted with your MEK
- TLS 1.3 for transport security
- Certificate pinning prevents MITM attacks
What We Don’t Have Access To
Section titled “What We Don’t Have Access To”| Data | Can TorrinPass Access? |
|---|---|
| Your master password | ❌ No |
| Your passwords | ❌ No |
| Your 2FA secrets | ❌ No |
| Your notes | ❌ No |
| Decryption keys | ❌ No |
Security Best Practices
Section titled “Security Best Practices”For Your Master Password
Section titled “For Your Master Password”- Use at least 12 characters
- Include uppercase, lowercase, numbers, and symbols
- Don’t reuse passwords from other sites
- Consider using a passphrase (e.g., “correct-horse-battery-staple”)
For Your Account
Section titled “For Your Account”- Enable biometric unlock for convenience
- Set a reasonable auto-lock timeout
- Keep your device’s iOS updated
- Enable Find My iPhone for remote wipe capability
Reporting Security Issues
Section titled “Reporting Security Issues”Found a security vulnerability? Please report it responsibly:
Email: security@torrinpass.com
We take all security reports seriously and will respond within 48 hours.