⚖️ ShieldDrop Legal Suite
SECURITY ARCHITECTURE

How ShieldDrop Protects Attorney Data

Security claims are easy to make. This page explains exactly how ShieldDrop's architecture works, how you can verify every claim independently, and why our approach is architecturally stronger than any cloud-based alternative.

The core claim — verifiable in 60 seconds

Open ShieldDrop. Open Chrome DevTools (F12 → Network tab). Drop a document. Watch the Network tab. You will see zero outbound requests containing your file data. This is not a policy — it is a technical reality of our architecture.
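A more repeatable form of the check above, as an added example that is not ShieldDrop's code: put a unique marker string in a test document, drop it, export the Network tab as a HAR file, and scan every request for the marker. The marker, host names, size threshold and sample HAR entries below are constructed assumptions.

```javascript
// Added example, not ShieldDrop code. Hosts, marker and HAR entries are constructed.
const MARKER = "SD-CANARY-7f3a91c2e5";   // unique string placed in the test document
const MAX_BODY_CHARS = 2048;             // assumed review threshold for opaque bodies

// Forms the marker can take on the wire: raw, URL-encoded, and base64 at each
// of the three possible byte alignments inside a larger encoded file.
function needleForms(marker) {
  const raw = Buffer.from(marker, "utf8");
  const forms = new Set([marker, encodeURIComponent(marker)]);
  for (let k = 0; k < 3; k++) {
    const padded = Buffer.concat([Buffer.alloc(k), raw]);
    let b64 = padded.toString("base64").replace(/=+$/, "");
    if (padded.length % 3 !== 0) b64 = b64.slice(0, -1); // last char depends on next byte
    forms.add(b64.slice([0, 2, 3][k]));                  // first chars depend on prior bytes
  }
  return [...forms];
}

// Returns one finding per request whose URL or body carries the marker, or
// whose body is too large to be ruled out by string search alone.
function scanHar(har, marker) {
  const needles = needleForms(marker);
  const findings = [];
  for (const { request } of har.log.entries) {
    const body = (request.postData && request.postData.text) || "";
    if (needles.some((n) => request.url.includes(n) || body.includes(n))) {
      findings.push({ url: request.url, reason: "marker-found" });
    } else if (body.length > MAX_BODY_CHARS) {
      findings.push({ url: request.url, reason: "large-opaque-body" });
    }
  }
  return findings;
}

// Constructed HAR: two benign requests, one base64 upload, one large opaque body.
const entry = (method, url, text) =>
  ({ request: { method, url, ...(text ? { postData: { text } } : {}) } });
const leaked = Buffer.from("%PDF-1.7 header " + MARKER + " trailer").toString("base64");
const SAMPLE_HAR = { log: { entries: [
  entry("GET", "https://app.example.test/engine.wasm"),
  entry("POST", "https://metrics.example.test/v1", '{"event":"page_view"}'),
  entry("POST", "https://api.example.test/upload", JSON.stringify({ doc: leaked })),
  entry("POST", "https://api.example.test/sync", "x".repeat(5000)),
] } };

console.log(scanHar(SAMPLE_HAR, MARKER));
```

String matching cannot see inside encrypted or compressed request bodies, which is why large bodies are reported separately for manual review rather than treated as clean.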

The 5 security layers

🔒 Layer 1: In-Browser Processing

Every file is processed using WebAssembly (WASM) compiled directly in your browser. No JavaScript on our servers reads your files. No file data is transmitted via HTTP. You can verify this in Chrome DevTools → Network tab — zero outbound requests containing your document data.

✓ Verify: Open DevTools → Network → drop a file → no requests containing file data

🛡️ Layer 2: Zero Server Architecture

ShieldDrop has no document storage infrastructure. There are no S3 buckets, no document databases, no processing queues for your files. Because we never receive your documents, there is no server-side copy of them for anyone to breach.

✓ Verify: Reviewed in our technical white paper with full infrastructure diagram

🔐 Layer 3: AES-256 Encrypted Notes

VaultNotes uses AES-256 encryption with a key derived from your password using PBKDF2 (100,000 iterations). Notes are encrypted before being stored locally. We never receive your key. Even if someone accessed your device storage, notes are unreadable without your password.

✓ Verify: Key derivation and encryption code is auditable in the browser's JavaScript source

🎙️ Layer 4: Transcription Never Leaves Device

VaultDictate runs OpenAI's Whisper model via WASM in your browser. Audio is captured, processed, and transcribed locally. The audio stream never reaches any server — not ours, not OpenAI's. This makes VaultDictate compliant with even the strictest attorney-client privilege interpretations for recorded communications.

✓ Verify: Network tab shows zero audio data transmission during transcription

🔗 Layer 5: Session Isolation

Each ShieldDrop session is isolated. No file data persists between sessions. When you close the browser tab, processed file data is garbage collected by the browser; it never reaches localStorage, IndexedDB, or any persistent storage on our end.

✓ Verify: Application tab in DevTools shows no document data in local storage

What we do store

Transparency matters. ShieldDrop does store: your account email and hashed password (for authentication), your subscription status (via Stripe), and anonymized usage metrics (page visits, no document content). We never store: the content of any document you process, any transcribed text, any metadata fields extracted from your files, or any encryption keys for VaultNotes.

For security teams and IT reviewers

If you're evaluating ShieldDrop for a law firm or corporate legal department and need a security review, we provide: technical architecture documentation, a full white paper, and direct engagement with our security team for enterprise evaluations.
