EPC-256 · AES-256-GCM

Our Security Architecture

How does EPC-256 work? An AES-256-GCM core plus a key-derived secret emoji permutation that keeps your data unreadable even if the database is breached.

HOW IT WORKS

From plaintext to emoji ciphertext, step by step.

Every sensitive field in a Yend app passes through the same pipeline before it ever touches the database.

1. Plaintext input

A sensitive field like a message, phone or profile arrives from the user's device and enters the pipeline.

2. AES-256-GCM encryption

The data is encrypted with authenticated AES-256-GCM, using a key derived from the user's secret.

3. EPC-256 emoji layer

The ciphertext bytes are mapped through a secret 256-emoji permutation derived from the key via HKDF.

4. At-rest storage

Only emoji ciphertext is written to the database. Even on a leak, an attacker sees unreadable emoji strings.

5. Read & decrypt

While the vault is open the flow reverses: emoji → bytes → AES decrypt. Without the right key, decryption is rejected.

AES-256-GCM Encryption

All sensitive fields (phone, message content, email, profile) are protected with authenticated encryption. GCM mode delivers both confidentiality and integrity — any tampering is rejected instantly.

PBKDF2 Key Derivation

Your master password is never stored. Keys are derived from the user's secret with modern key-derivation functions — making brute-force attacks impractical.

EPC-256 · Keyed Secret Emoji Layer

The 256-emoji permutation is a SECRET alphabet derived from the data key. Without the key you cannot even map one emoji back to a byte; even if the database leaks, an attacker sees only meaningless emoji strings.
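
Steps 3 and 5 of the pipeline and the keyed emoji layer described here, sketched as an added example (not Yend's code): HKDF-SHA256 over the data key yields a permutation of a 256-symbol alphabet, which then encodes and decodes ciphertext bytes. The alphabet (U+1F400 to U+1F4FF), the HKDF info label, the empty salt and the sort-based permutation construction are assumptions, and the input bytes are a constructed stand-in for AES-GCM output.

```python
import hashlib
import hmac

# Constructed alphabet: the 256 code points U+1F400..U+1F4FF. The page does
# not publish the emoji set, the HKDF label or the salt, so all are assumed.
ALPHABET = [chr(0x1F400 + i) for i in range(256)]
INFO = b"example/emoji-permutation"  # hypothetical HKDF info label


def hkdf_sha256(key: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def emoji_permutation(data_key: bytes) -> list:
    """Return the keyed table: table[b] is the emoji that encodes byte value b."""
    stream = hkdf_sha256(data_key, INFO, 256 * 8)
    # Give every alphabet slot its own 8-byte HKDF chunk and sort the slots by
    # that chunk, so the resulting order depends only on the key.
    order = sorted(range(256), key=lambda i: stream[i * 8:(i + 1) * 8])
    return [ALPHABET[i] for i in order]


def encode(ciphertext: bytes, table: list) -> str:
    """Step 3: map each ciphertext byte to its emoji."""
    return "".join(table[b] for b in ciphertext)


def decode(emoji_text: str, table: list) -> bytes:
    """Step 5, first half: emoji back to bytes, ready for AES-GCM decryption."""
    reverse = {symbol: value for value, symbol in enumerate(table)}
    try:
        return bytes([reverse[symbol] for symbol in emoji_text])
    except KeyError as exc:
        raise ValueError("symbol outside the emoji alphabet") from exc


if __name__ == "__main__":
    key = bytes(range(32))              # constructed 256-bit data key
    blob = bytes.fromhex("00ff10a5a5")  # constructed stand-in for AES-GCM output
    print(encode(blob, emoji_permutation(key)))
```

The table is a fixed one-to-one mapping per key, so the emoji string has exactly as many symbols as the ciphertext has bytes and equal bytes encode to equal emoji; confidentiality and tamper detection come from the AES-256-GCM step underneath.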

Blind-Index Search

Searchable fields like phone or email are matched via an irreversible index value. Plaintext is never stored.

Abuse & Bot Protection

Multi-layered protection and anomaly detection guard against automated requests, bots and brute-force attempts.

OUR PROMISES

What zero-knowledge actually means.

  • Plaintext passwords, keys or sensitive data are stored nowhere — not in .env, not in logs, not in backups.
  • If the database leaks, an attacker sees only meaningless emoji ciphertext — the emoji alphabet is a key-derived secret permutation that can't even be mapped to bytes without the key.
  • A wrong passphrase is rejected in under a millisecond: no CPU burn, no brute-force window.
  • Losing your recovery phrase = unrecoverable data. This is the design, not a bug (zero-knowledge guarantee).
  • Same plaintext yields different ciphertext on every encryption (IND-CPA security).

Report a Vulnerability

Found a security issue? Send us the details — first response within 48 hours, triage within 5 business days.

Yend

We build privacy-first, secure mobile apps. Your sensitive data is stored as emoji ciphertext — unreadable even inside the database — via the EPC-256 architecture.

© 2026 Yend. All rights reserved.