
The Encrypted Vault

End-to-end encryption of your sensitive portfolio data — what it protects, how to turn it on.

The Encrypted Vault is a Pro feature that applies end-to-end encryption to the most sensitive parts of your portfolio. When it's on, we — the people running MyInvestments — cannot see your amounts, average prices, location names, or label names. Nobody else can either.

What gets encrypted

  • Amounts — how much of each asset you own
  • Average buy prices — what you paid
  • Location names — where assets sit
  • Label names — your personal tagging

What is not encrypted

  • Asset identity (which stock, which coin)
  • Current market price (it's public data)
  • Your email, your settings, your billing info

How it works

We use hybrid encryption: an RSA-2048 key pair for you, plus AES-256-GCM for each record. Encryption and decryption happen entirely in your browser — only ciphertext ever leaves your device. The server stores scrambled payloads and zeros out the plaintext columns.
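The hybrid scheme described above, sketched with the Web Crypto API as an added example; it is not MyInvestments' own code. Assumptions not stated on the page: RSA-OAEP with SHA-256 as the RSA mode, a fresh AES key per record wrapped with the RSA public key, the asset ID bound as GCM associated data, and all function and field names.

```javascript
// Added illustration, not MyInvestments code. Runs in a browser or in Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback: older Node
const { subtle } = webcrypto;
const enc = new TextEncoder();

// Assumption: RSA-OAEP with SHA-256. The page only says "RSA-2048".
const RSA_PARAMS = {
  name: "RSA-OAEP",
  modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), // 65537
  hash: "SHA-256",
};

// One key pair per user, generated client-side.
async function generateUserKeyPair() {
  return subtle.generateKey(RSA_PARAMS, true, ["wrapKey", "unwrapKey"]);
}

// Encrypt one record's sensitive fields (hypothetical field names).
// assetId stays readable, as the page lists asset identity as unencrypted, but is
// authenticated as associated data (an assumption) so a ciphertext moved to
// another asset fails to decrypt.
async function encryptRecord(publicKey, assetId, fields) {
  const recordKey = await subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce
  const ciphertext = await subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(assetId) },
    recordKey, enc.encode(JSON.stringify(fields)));
  // Only the RSA-wrapped AES key leaves the device, never the raw key.
  const wrappedKey = await subtle.wrapKey(
    "raw", recordKey, publicKey, { name: "RSA-OAEP" });
  return { assetId, iv, wrappedKey, ciphertext }; // what a server would store
}

// Reverse path: unwrap the record key with the private key, then verify and decrypt.
async function decryptRecord(privateKey, stored) {
  const recordKey = await subtle.unwrapKey(
    "raw", stored.wrappedKey, privateKey, { name: "RSA-OAEP" },
    "AES-GCM", false, ["decrypt"]);
  const plaintext = await subtle.decrypt(
    { name: "AES-GCM", iv: stored.iv, additionalData: enc.encode(stored.assetId) },
    recordKey, stored.ciphertext);
  return JSON.parse(new TextDecoder().decode(plaintext));
}
```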

Turning it on

  1. Go to Settings → Vault
  2. Click Enable encryption
  3. We generate your keys in the browser and show you a 24-word recovery phrase (BIP39)
  4. Write it down. On paper. Offline. Store it somewhere only you can reach.
  5. Confirm — your existing assets get encrypted in place

From that moment, every add, edit, and historical snapshot is encrypted before it leaves your device.

What changes in the UI

You unlock the vault at the start of each session with your password. If you forget the password, the recovery phrase is your only way back in. If you lose both — we genuinely cannot help. That's the point.