CAI Technology
Book a demo
Menu ☰
cai-vault In development

CAI-Vault — Encrypted digital wallet

Your digital wallet, explained without technical jargon. Cipher AI Vault — the only wallet that keeps your ID, passwords, tickets and cards end-to-end encrypted, with controlled share and free digital inheritance.

Request a demo →
The problem

You have a wallet with ID, driver's license, tickets, passwords, cards you need daily. They're scattered — on the phone, on paper, in 3-year-old emails. Bitwarden keeps passwords but not ID. Google Wallet keeps tickets but not passwords. Lose the phone — lose your 2FAs. Office burns — bye passwords. A unified solution — doesn't exist yet.

How it works

  1. 1

    You add: scanned ID, driver's license, passport, plane/concert tickets, Gmail/bank passwords, 2FA TOTP codes, bank/loyalty cards, secure notes, SSH/API keys.

  2. 2

    Everything in the vault is encrypted on YOUR device. The key lives in hardware secure element — never leaves the chip. The server only sees random bytes.

  3. 3

    Secure share with police/notary: live 30s QR + push approval on phone. The officer scans, you approve via fingerprint, they see only what you ticked — no screenshot, full audit with date and time.

  4. 4

    Cross-device sync offline-friendly — 2 offline phones editing the same password sync correctly when back online. Bluetooth direct without server for areas without signal.

Capabilities

Hybrid post-quantum (hybrid post-quantum (Patent Pending))

End-to-end encryption uses a hybrid scheme resistant to quantum computers. Bitwarden/1Password — vulnerable to harvest-now-decrypt-later.

Cheie protejată de hardware

The master key is NOT derived from a password (vulnerable to keylogger), it's generated in the phone's security chip. Only released on biometric request.

QR share with push approval

Police, notary, check-in: live 30-second QR, you approve via fingerprint, they only see what you ticked. Audit with date, time, what was seen.

Multiple categories: passwords · 2FA · ID · tickets · cards

Passwords (Gmail, bank, etc.), TOTP (replaces Google Authenticator), ID/passport/license with QR share, plane/concert tickets with IATA QR, bank/loyalty cards, secure notes, SSH/API keys.

Digital inheritance with social recovery

Pick several trusted persons (family, accountant, secondary device, paper in safe). For recovery, approval from a sufficient number of them plus a safety interval is required — no Apple/Google dependency. Free from day 1.

Anti-screenshot at viewer

When your documents are displayed on someone else's screen (e.g. officer, notary), screenshots are technically blocked. Bitwarden/Apple Wallet don't have this.

Direct Bluetooth (village without signal)

Share without internet, direct between phones, encrypted. Bitwarden/1Password don't work at all without network.

Self-hosted EU or EU-only cloud

Your data stays in EU. Schrems II safe by architecture. For companies — on-premise deployment. For consumers — EU-only cloud (Romania/Frankfurt).

Tech stack

  • end-to-end device-side encryption
  • hybrid post-quantum (Patent Pending) hybrid (post-quantum KEM)
  • Sync offline-first
  • Open-source AGPL 3.0 (client) + server source-available
  • Open-source AGPL 3.0 (client) + Rust server

Evidence

  • Aligned with eIDAS 2.0 EU Digital Identity Wallet (mandatory EU dec 2026)
  • screenshot block anti-screenshot — Bitwarden/1Password/Google Wallet don't have
  • Audit per share: who saw the ID, when, how long
  • Free threshold scheme social recovery (1Password doesn't have; Bitwarden only Premium)

FAQ

Does it replace Bitwarden / 1Password? +
Yes, plus much more: also stores ID/passport/license (with QR share), plane/concert tickets, bank cards. Also EU-resident, post-quantum and hardware-protected. Automatic migration from Bitwarden JSON export / 1Password 1pux.
What if I lose my phone? +
Data does NOT leave the old phone (key is in secure hardware element, not exportable). You recover on the new phone via threshold scheme social recovery: 3 of 5 trust anchors approve, after safety interval, you recover everything. The old phone stays offline + encrypted.
Does the officer see only what I want them to see? +
Exactly. Before share, you pick fields: CNP yes/no, address yes/no, photo yes/no. Approve via fingerprint. Live 30s QR. The officer sees on their screen only what you ticked. Cannot screenshot. At the end, your audit shows: Mar 21 2026 14:32 · officer XYZ · ID with address redacted · 47 seconds.
When is it available? +
Private beta Q3 2026 (enterprise companies, consumer beta Q4 2026). General availability H1 2027 — sync with the EU Digital Identity Wallet deadline (dec 2026).
Open source? +
Client (Android APK, Chrome Extension, future iOS) — open-source AGPL 3.0 from day 1. Server — source-available with commercial license for enterprise deployments. Enterprise SDK — Q2 2026.

We start with a 30-minute conversation.

Free AI-readiness audit for companies with 50+ employees. We reply within 24 hours.

Open contact form →