LINEAGE
← Back

Trust

Security

Last updated: 8 June 2026

Private by design

LINEAGE is built around one principle: your memories belong to you. The architecture enforces this at every layer — authentication, storage, access control, and delivery. No one at LINEAGE can read your entries or listen to your recordings.

For what this means in plain words — ownership, export, and what happens if we ever go away — read our promise.

Encryption in transit

All traffic between your device and LINEAGE is encrypted via TLS 1.2+. This covers your voice recordings, vault entries, and all data sent to or from the platform. HTTP connections redirect to HTTPS automatically. HSTS is enforced with a one-year max-age.

Encryption at rest

All data is encrypted at rest using AES-256. This applies to vault entries, audio recordings, transcripts, and account information. Storage encryption is managed at the infrastructure level and applies automatically to everything in your vault.

Future delivery encryption

Sealed messages — entries you schedule for future delivery to family members — are encrypted with AES-256-GCM before they are stored. Each message uses a unique encryption key. The key is itself encrypted and stored separately from the message payload, so the ciphertext alone is meaningless without it. Delivered messages are accessed via a one-time token that expires after use.

Access control

Access policies are defined and enforced at the database level — not the application level. This means your entries cannot be accessed by any other user regardless of how the API is called. You see only your own data, enforced by the database itself.

Voice and audio data

When you record a reflection, your audio is stored in private cloud storage accessible only to your account. It is processed for transcription and then remains in your vault. Audio is never shared beyond what is required to produce your entry. You can delete any recording at any time.

AI processing

Your transcripts are processed by AI to be shaped into vault entries. Your content is not retained beyond the processing request and is not used to train any model, internal or external. LINEAGE will never use your memories to improve an AI system.

Authentication

LINEAGE does not store passwords. Sign-in uses a magic link — a one-time URL sent to your email address. Sessions are managed via short-lived tokens with automatic refresh, stored in memory rather than persistent browser storage.

Vulnerability disclosure

If you discover a security vulnerability in LINEAGE, please report it to info@lineageproject.dev. We will acknowledge your report within 48 hours and work to resolve confirmed issues promptly.