We constantly monitor the live application to ensure it has not been tampered with. The code for the application goes through a hashing function, and the results are compared to the hash that was derived from the certified code listed below. Any change to the running code would change the hash value, triggering our monitors to halt the service until the situation is rectified.

The following entities have certified that the codebase does not contain any malicious code. The certification verifies that all processes related to the creation and recovery of the QR sets are conducted client-side, and the confidential information entered by the user (e.g., seed phrase) is never transmitted to Xecret.io servers.

Private.me Certification

Digital Maelstrome Under review, certificate coming soon.


Our application runs on the client side to ensure our customers' privacy and maximum security. We have made our source code available to trusted members of the web3 community to inspect our codebase. If you wish to review the code, please fill out the form at the bottom of the page.

After reviewing the code, we would appreciate it if you could provide us with a certification or letter stating your findings. In return, we will gift you a lifetime 7-slice account with unlimited usage as a token of our appreciation. Terms and Conditions Apply.*

A modern, NIST approved cryptographic hash is a program that calculates a random-looking number or code that is deterministically calculated from all the input data fed to it. This is commonly used for media piracy tracking because copies of the same video file would generate the same short hash code. For our purpose, we want to be sure that the running code on the website is the audited and certified version and has not been tampered with. Even the slightest change to the code would scramble the hash. This way, anyone can easily compare the calculated hashes with our audited and published listings to ensure the software's safety.

We use the standard and NIST approved SHA-256 algorithm to calculate the hashes. By downloading copies of each file without modification and putting them through a standard hash utility such as the Linux utility sha256sum, anyone can generate identical hashes, as shown in our audit reports.

Yes, our client-side code is open to public inspection. Analysts can readily verify that a user's confidential material is never transmitted to the Xecret.io server-side through packet sniffing or a web browser's debugging capability.

Apply below to request access to review the source code

Certification Terms of Service

arrow-up icon