Privacy Shield: When Standard Encryption Isn't Enough

Every SealedFor capsule is encrypted with AES-256-GCM, the same standard used by banks and intelligence agencies. For most people, that's more than enough. Each file is individually encrypted with a unique key, and no one can read it without authorization.

But some data demands the highest possible level of protection. Crypto wallet seed phrases, financial account credentials, legal documents, or trade secrets. When the stakes are high, standard server-side encryption may not be enough. For these cases, SealedFor offers Privacy Shield.

What Is Privacy Shield?

Privacy Shield is an optional add-on ($5.99 incl. tax per capsule) that shifts encryption control from the server to you. With standard encryption, decryption keys are protected server-side. With Privacy Shield, your browser generates a unique Viewing Key that never leaves your device. Without it, no one can decrypt your capsule, including us. Here's how it works:

1. You create a capsule and enable Privacy Shield.
2. Your browser generates a unique Viewing Key locally. The key is never sent to our servers.
3. Each uploaded file is encrypted in your browser before being sent to our servers. File encryption keys are wrapped with your Viewing Key.
4. Before payment, you must confirm that you've saved the Viewing Key.
5. You pass the Viewing Key to your recipient through a separate channel (in person, by phone, via SMS).

The result: our servers never have access to your Viewing Key. Even a full infrastructure compromise would not allow anyone to decrypt your capsule. This is true zero-knowledge encryption.

How Privacy Shield Differs from Standard Encryption

With standard SealedFor encryption, your files are protected by a server-side master key. This is extremely secure: an attacker would need to breach both the database and the server environment simultaneously to decrypt anything. That's a very high bar, and it protects the vast majority of users perfectly well.

Privacy Shield raises that bar to its absolute maximum. Here's how the two compare:

This is zero-knowledge encryption: the Viewing Key is generated in your browser and never reaches our servers. We have no access to the keys needed to decrypt your data.

Who Needs Privacy Shield?

Privacy Shield isn't for everyone. For a birthday message or a family photo capsule, standard encryption is more than sufficient. But there are situations where the extra layer matters enormously:

Cryptocurrency Holders

If your capsule contains wallet seed phrases or private keys, a breach could mean losing everything. With Privacy Shield, even a total infrastructure compromise wouldn't expose your keys. Combined with a Guardian Release, it's one of the safest ways to pass on crypto to your family.

Legal Professionals and Whistleblowers

Attorney-client privilege. Sensitive evidence. Internal documents that could trigger retaliation. If you're storing something that absolutely cannot be seen by anyone except your intended recipient, Privacy Shield ensures it stays that way.

Business Owners with Trade Secrets

Proprietary formulas, source code, client lists, strategic plans. If your capsule contains business-critical information that could damage your company if leaked, Privacy Shield provides the strongest available protection.

People Who Simply Value Maximum Privacy

You don't need a dramatic reason. Some people prefer knowing that no one, not even the service provider, can access their data under any circumstances. That's a perfectly valid reason on its own.

How to Use Privacy Shield: Step by Step

Setting up Privacy Shield takes about 30 seconds longer than creating a standard capsule.

Step 1: Create Your Capsule

Start creating a capsule as usual: choose your delivery type, then select your tier.

Step 2: Enable Privacy Shield

You'll see the Privacy Shield option. Toggle it on. The add-on costs $5.99 (incl. tax) per capsule (one-time, no subscription). A unique Viewing Key is generated instantly in your browser.

Step 3: Upload Content

Upload your files and write your message. Every file is automatically encrypted in your browser before being sent to our servers. Your message text is also encrypted client-side. Our servers only ever receive encrypted data.

Step 4: Save Your Viewing Key

Before payment, your Viewing Key is displayed prominently. You must confirm that you've saved it. Copy it immediately and write it down on physical paper or put it in an offline password manager. This is the most important step. We cannot recover it for you. No one can.

Step 5: Pass the Key to Your Recipient

Your recipient will need the Viewing Key to open the capsule. Send it to them through a different channel than the capsule notification:

• In person or by phone (most secure)
• SMS, Signal, or WhatsApp (secure, since it's a different channel than email)
• In a sealed envelope stored with your will or in a safe (ideal for Guardian Release capsules)

The key point: the Viewing Key should travel through a different path than the capsule notification. Separating these channels means no single breach is enough to access your data.

Step 6: Recipient Opens the Capsule

When the capsule is delivered, your recipient will see that it's protected by Privacy Shield. They enter the Viewing Key you gave them, and the capsule is decrypted entirely in their browser. If they enter the wrong key, nothing happens. The data stays sealed.

What If the Viewing Key Is Lost?

This is the most important thing to understand about Privacy Shield: if the Viewing Key is lost, your data is gone forever. We cannot recover it. No support ticket, no exception, no backdoor. This is by design.

The whole point of Privacy Shield is that no one except the key holder can access the data. If we could bypass it, so could an attacker. The security guarantee and the risk of loss are two sides of the same coin.

That's why Privacy Shield isn't enabled by default. It's a conscious choice for people who understand the tradeoff and have a plan for keeping the key safe.

Privacy Shield + Guardian Release

Privacy Shield works seamlessly with Guardian Release delivery. Here's a common setup:

1. You create a capsule with sensitive content (crypto keys, confidential documents).
2. You enable both the Guardian Release and Privacy Shield.
3. You save the Viewing Key and put it in a sealed envelope in your home safe, along with a note explaining what it's for.
4. You tell a trusted person where the envelope is.
5. As long as you respond to check-in emails, the capsule stays sealed.
6. If you stop responding, the capsule is delivered. Your recipient opens the envelope, enters the Viewing Key, and accesses everything you left for them.

This combination provides the highest possible level of security for delivering sensitive data in the event of your passing. Your crypto keys, passwords, and sensitive documents are protected from everyone, including us. Your loved ones gain access only when they need it, and only with the Viewing Key.

A Note on Transparency

We believe in being honest about what Privacy Shield is and what it isn't. Here's what you should know:

• Privacy Shield is true zero-knowledge encryption. Your Viewing Key is generated in your browser and never sent to our servers. Files are encrypted client-side before upload. When your recipient enters the Viewing Key, decryption also happens entirely in their browser. At no point does the key or unencrypted content exist on our infrastructure.
• Metadata is not zero-knowledge. We can see file names, file sizes, sender/recipient email addresses, and delivery dates — we need these to operate the service. What we cannot see is your file content, message text, or encryption keys.
• For maximum security, the Viewing Key should be transmitted through a separate channel. Sending it by email alongside the capsule notification reduces the security advantage.
• If the Viewing Key is lost, the data is unrecoverable. This is not a limitation. We designed it this way on purpose.

We call it zero-knowledge because that's exactly what it is: we have zero knowledge of your encryption keys or file content. The Viewing Key never exists on our servers, and your files are encrypted before they leave your browser.

Pricing

Privacy Shield is a one-time add-on of $5.99 (incl. tax) per capsule. No subscription, no recurring fees. It works with any tier (Capsule, Capsule+, Capsule Pro) and any delivery type.

For context: you're paying $5.99 to ensure that even in the worst-case scenario, a total breach of our entire infrastructure, your data remains completely unreadable. For anyone storing crypto keys, sensitive legal documents, or deeply private messages, that's a meaningful investment.

Getting Started

Ready to create a Privacy Shield capsule? Here's what to do:

1. Go to Create a Capsule.
2. Choose your delivery type and enable Privacy Shield.
3. Upload your content — files are encrypted in your browser automatically.
4. In the Review step, save your Viewing Key and confirm you've stored it safely.
5. Complete the checkout.
6. Pass the key to your recipient through a separate, secure channel.

The whole process takes less than 10 minutes. Your most sensitive data deserves the strongest protection available. Privacy Shield gives you exactly that.