We built MyAurum for families who hold gold across generations — which means we understand, better than most, what it means to be trusted with something private. The security of your data is not an afterthought. It is built into every layer of how MyAurum works.
When you create an account, your password is immediately transformed using bcrypt — a one-way hashing algorithm designed to be computationally expensive to reverse. What we store is not your password but a mathematical fingerprint of it. We cannot read it, recover it, or hand it to anyone. If you forget your password, the only option is to reset it — because the original does not exist in any readable form in our systems.
Every sensitive field in your vault — item names, purity grades, the names of people who hold your gold, nominee details, and any notes you attach — is encrypted at the application layer before it is written to our database. We use AES-256-GCM, the same standard used by financial institutions and government agencies worldwide.
Each piece of data is encrypted with a unique initialisation vector and authenticated with a cryptographic tag that detects any tampering. The encryption key is stored entirely separately from the data it protects. This means that even if someone were to gain direct access to our database, they would see nothing but unreadable ciphertext. The data and the key to read it are never in the same place.
Estate notes go further than any other data in MyAurum. When you save a note — a locker number, a lawyer's contact, a safe combination — it is encrypted in your browser using a key derived from your password before it leaves your device. The encrypted bytes are what travel to our servers and what sit in our database. We receive ciphertext we cannot read.
This means that even a full breach of our infrastructure would not expose your estate notes. The decryption key exists only in your browser for the duration of your session and is never stored or transmitted. If you forget your password, these notes cannot be recovered by anyone — including us. This is a deliberate design choice, not a limitation.
All communication between your device and MyAurum's servers uses TLS — Transport Layer Security — which ensures that your data cannot be intercepted or read in transit. This is the same protocol that protects online banking and financial transactions.
MyAurum runs on enterprise cloud infrastructure where storage volumes are encrypted at rest by default. Your data is protected not just in transit but at the infrastructure layer as well — meaning it is encrypted even when it is sitting idle on disk.
There are no advertisers, no data brokers, no analytics companies, and no third parties with access to your holdings. Nothing about what you hold, what it is worth, or who it belongs to ever leaves our system. This is not a policy subject to revision for commercial convenience — it is a categorical commitment.
MyAurum has no advertising model. We have no financial incentive to share your data because our business model does not depend on it.
For users who want additional login security, MyAurum offers optional two-factor authentication. When enabled, a six-digit code is sent to your registered email address each time you sign in. Your password alone is not sufficient — a valid code is required to open your vault. Two-factor authentication can be enabled at any time from Profile → Settings.
Our login endpoints enforce rate limiting, which means that automated attempts to guess your password are detected and blocked before they can cause harm. Session tokens expire after 30 days, after which you are required to sign in again. This limits the window of exposure if a device is ever lost or compromised.
MyAurum locks automatically after 30 minutes of inactivity. When the lock fires, your vault is closed and your estate notes key is cleared from memory. Re-opening requires your password. This protects your data if you leave a device unattended — a browser tab left open at a shared computer, for example, cannot be accessed without authentication.
MyAurum includes an Access Switch — a dead man's switch for your estate notes. You can name custodians and set an inactivity period of 60, 90, 180, or 360 days. If you do not log in within that period, your custodians are automatically sent your estate notes by email. Just logging in resets the clock. This feature is designed for families and diaspora users who want to ensure critical information reaches the right people if something happens.
You can delete your account and every piece of data associated with it at any time from Profile → Settings → Danger Zone. Deletion is immediate and permanent. We retain no copies, no backups specific to your account, and no residual records.
MyAurum requires no identity documents, no PAN, no Aadhaar, and no government-issued identification of any kind. We have no visibility into your financial accounts and no ability to initiate transactions on your behalf. What you share with us is only what you choose to enter.
Questions about your data or how we handle security? Reply to any email from us or write directly to [email protected]. We will respond within 5 business days.