Security is at the heart of Locki. We built our browser extension with a simple principle: your data should stay yours - always. This page outlines our security philosophy and how we protect your privacy and information.
All encryption and decryption happen locally in your browser. Locki never transmits, stores, or accesses your encrypted text. Your secret keys remain entirely under your control.
We designed Locki with a "zero knowledge" model - meaning we literally have no access to what you encrypt. Even if we wanted to, we could not view, decrypt, or recover your encrypted data or keys.
Locki uses modern, standards-based cryptography built into your browser. All encryption and decryption happen locally using AES-GCM, a trusted and widely adopted algorithm for secure data protection. Encryption keys never leave your device.
Locki does not collect user content, messages, or metadata related to your encrypted information. Our only optional data collection occurs when you voluntarily contact us via email - and even then, it's minimal and transparent.
We believe that privacy tools must be verifiable. Locki's core cryptographic functions are designed to be open for independent review and audit by the community. Transparency builds trust.
We welcome responsible security research. If you discover a vulnerability in Locki, please contact us immediately at contact@locki.one. We take every report seriously and respond promptly.
Last updated: November 20, 2025