Is PicKey secure?

Security of your data is of utmost importance to us and leaves no stone unturned to take special care on how data is captured, communicated, stored and accessed. These measures include :

  • End-To-End Encryption on all devices.
  • Sensitive data is salted and hashed.
  • Sensitive data is encrypted at rest with military-grade AES-256 Cypher (GCM/CBC).
  • Sensitive data storage is access locked and cannot be accessed by anyone (including us).
  • RBAC by design.
  • All inter-module communication is encrypted over SSL.
  • Quantum Proof identifiers (unique ids) generation.
  • Multi-Factor Authentication for all account access.
  • OAuth2.0 with stringent token control, roles and rotation.
  • Random time delays for certain critical operations.

We also believe that the best way to keep data secure, is by not storing it in the first place. If there is no data stored, it cannot be compromised.

  • always works with your data on a need-to-know basis and does not collect any unnecessary data. For example - we do not collect your name, age, location or any other personal information. We only need your email to authenticate you per our need-to-know policy.
  • We’ve created MagicPass™, a novel, storage-free password that is never stored anywhere on our infrastructure. AI’s neural memory helps us re-create the exact same password value whenever you ask for your MagicPass™ password. This also follows our need-to-know policy for data handling.

A Note on User Privacy
Along with our data security and integrity goals, at, it is our policy to provide absolute user privacy and act responsibly on it. Not only do we aim at using and collecting data on a need-to-know basis, never shares, distributes, sells, or exposes your private data with any other party, organization, government, or country.