SECURITY · PRIVACY · TRUST

Built on a foundation of
zero trust.

Acier was designed from day one so your data remains yours alone. The architecture makes it technically impossible for us to access your inventory.

AES-256-GCM
TLS 1.3
Secure Enclave
PBKDF2-SHA256
Zero-Knowledge
Row-Level Security
JWT Rotation
SOC 2 Aligned
On-Device Keys
Signed URLs
No Telemetry
Encrypted at Rest

/// Core Principles

Four commitments that
shape every line of code.

P.01

End-to-End Encryption

All inventory data is encrypted with AES-256 at rest and TLS 1.3 in transit. Photos, valuations, and personal details are never stored as plain text. Encryption happens before data leaves your device.

Algorithm: AES-256-GCM
Transport: TLS 1.3
Scope: On-device

P.02

Zero-Knowledge Architecture

Acier cannot view your inventory data, even with full database access. Encryption keys are derived from your credentials and stored exclusively on your device. We never have the keys.

Key derivation: PBKDF2
Key storage: Device only
Server access: None

P.03

Biometric Authentication

Face ID and Touch ID provide instant, secure access. Your biometric data is processed entirely by Apple's Secure Enclave and never touches our servers or any third-party service.

Processor: Secure Enclave
Methods: Face / Touch ID
Data location: Local

P.04

No Always-On Cameras

Unlike security camera systems, Acier only activates your camera during scans you explicitly initiate. No background recording, no live feeds, no cloud-stored footage. When you're done scanning, the camera is off.

Activation: User-initiated
Recording: None
Cloud storage: Never

/// Operational Practices

Beyond architecture,
the day-to-day discipline.

01 / 06

SOC 2 Aligned Infrastructure

Hosted on infrastructure with automatic patching, intrusion detection, and continuous monitoring.

02 / 06

Private Image Storage

Capture images live in private buckets with signed URLs that expire after one hour. No public access, ever.

03 / 06

Row-Level Security

The database enforces user-level access controls. Your data is isolated at the database layer, not just the application layer.

04 / 06

Regular Security Audits

Ongoing penetration testing and code review. We actively search for vulnerabilities before anyone else can.

05 / 06

Token Rotation

JWT authentication with automatic refresh token rotation. Compromised tokens expire quickly and can't be reused.

06 / 06

Full Data Deletion

Delete your account and all data is permanently removed within 30 days. No ghost copies, no archives.

/// A Different Posture

Cameras watch you.
Acier works for you.

OPTION A

Traditional Security Cameras

  • Record 24/7, even when you're home
  • Store footage on third-party servers
  • Can be hacked or accessed by employees
  • Privacy concerns for family and guests
  • Won't help prove what you owned
  • Monthly subscription fees required

OPTION B

Acier

  • Scan only when you choose to
  • Data encrypted on your device
  • Zero-knowledge architecture
  • No cameras, no live feeds, no recordings
  • Complete inventory with photos and values
  • Free tier with unlimited scans

/// Responsible Disclosure

Found a security concern? Reach our security team directly at security@acier.io