clavitor network
Zero cache. Every request hits the vault.
Clavitor never caches credentials — not in memory, not on disk, not anywhere. Every request is a fresh decrypt from the vault. That's the security model. To make it fast, we run regions across every continent. Your data lives where you choose.
We have strategically chosen our datacenter locations so that almost every place on the planet gets an answer within 60 ms. That's a convenience target, not a requirement — Clavitor works perfectly fine on slower connections, it just won't feel quite as instant. See how fast it is from your location. If you'd like a region closer to you, reach out and we'll work on it.
See network performance from your location →Fresh every read
No sync. No cache. No stale credentials.
Most credential systems cache the vault locally and sync it in the background. That creates the problems they then have to solve: stale credentials when a teammate rotates a key, write conflicts between devices, secrets lingering on disk after a revoke, and the eternal "did the latest version sync to my laptop yet?" question.
Clavitor doesn't sync. Every credential read is a live, encrypted fetch from your vault — every time, every device, every agent. Rotate once, take effect everywhere on the next read. Revoke a key and there's no cached copy to worry about, because there isn't one.
The trade-off is latency. A read that takes 800ms turns a one-second task into a wait. So the network is built to dissolve that trade-off: 22 Points of Presence (POPs) across every continent put your vault within <60ms of where the people on your team actually work — your colleague in Tokyo, your VP in São Paulo, every co-worker on every timezone. Fresh reads + global reach is one product, not two.
Three-tier encryption
Jurisdiction is irrelevant.
Math is not. Your vault is encrypted at rest. Your credentials are encrypted per-field. Your identity fields are encrypted client-side with a key that never leaves your device. No server — ours or anyone's — can read what it doesn't have the key to. That's the real protection. Zürich is the belt to that suspenders: a jurisdiction where nobody will even try to force open what mathematics already guarantees they can't.
Vault Encryption
Entire vault encrypted at rest with AES-256-GCM. The baseline. Every password manager does this.
Credential Encryption
Per-field encryption. Your AI agent can read the API key it needs — but not the credit card number in the same entry.
Identity Encryption
Client-side. The key is derived from your fingerprint, face, or security key — and never leaves your device. We cannot decrypt it. Period.
Included on every plan
What you get
Managed infrastructure
We run it, monitor it, and keep it up. You just use it.
Daily encrypted snapshots
Point-in-time snapshots, encrypted at rest. Restorable on request — for accidental deletion or rollback, not as a fail-over substitute.
22 regions, your choice
Pick your primary region at signup — same encryption, same SLA, every continent covered. Fail-over copy lives on the opposite side of the world (or pinned to a region of your choice for compliance).
Automatic updates
Security patches and new features deployed automatically. No downtime.
Unlock with your device
No master password to forget, lose, or have stolen. Your fingerprint, face, or security key unlocks everything — and the encryption key never leaves your device.
AI support, any hour
Get answers in seconds, not days. Our AI knows the product end-to-end and reads your account configuration — never your credentials. The same encryption that hides your secrets from us hides them from our AI too.
Auto scope assignment
On import, Clavitor extracts the domain from each credential's URL and assigns a scope automatically — "dev", "finance", "shopping". Your agents get the right access from day one, without manual tagging.
API key recognition
Clavitor detects API keys by pattern during import — OpenAI, AWS, GitHub, Stripe, and 10+ more. They're automatically separated into their own category so agents can find them without digging through password entries.
Continuity
Your credentials stay readable when your primary POP doesn't.
Every vault is replicated to a geographically distant fail-over POP. When the primary is unreachable — outage, maintenance, regional disruption — agents and extensions automatically read from the fail-over and keep working. Writes resume when the primary is back.
The fail-over copy is end-to-end encrypted with the same per-vault key as the primary. Only you can decrypt it — no matter which POP holds the ciphertext. The fail-over location sees opaque bytes; we see opaque bytes.
Calgary, Canada
Deep in the Canadian prairies, over 1,000 km from the nearest ocean. No earthquakes, no hurricanes, no volcanoes — the most geologically stable terrain in North America. Canadian privacy law.
Backs up
| Almaty | 9,486 km (5,894 mi) |
| Cape Town | 15,772 km (9,800 mi) |
| Istanbul | 9,173 km (5,699 mi) |
| Lagos | 11,295 km (7,018 mi) |
| London | 7,041 km (4,375 mi) |
| Mumbai | 12,190 km (7,574 mi) |
| Stockholm | 7,016 km (4,359 mi) |
| Zürich | 7,780 km (4,834 mi) |
Zürich, Switzerland
Landlocked in the center of Europe, surrounded by the Alps. Swiss data protection — among the strongest in the world. Politically neutral for over 200 years.
Backs up
| Bogotá | 9,066 km (5,633 mi) |
| Calgary | 7,780 km (4,834 mi) |
| Hong Kong | 9,306 km (5,782 mi) |
| Mexico City | 9,679 km (6,014 mi) |
| Montréal | 5,985 km (3,718 mi) |
| San Francisco | 9,363 km (5,817 mi) |
| Seoul | 8,763 km (5,445 mi) |
| Singapore | 10,299 km (6,399 mi) |
| Sydney | 16,571 km (10,296 mi) |
| São Paulo | 9,623 km (5,979 mi) |
| Tokyo | 9,577 km (5,950 mi) |
| Washington D.C. | 6,777 km (4,211 mi) |
Why these locations? Inland, geologically stable, on the opposite side of the world from the primary they cover — chosen so a regional event can't take both down. Why not Almaty? Well-positioned in Central Asia, but it sits on an active seismic fault — fine as a primary, not as a fail-over.
Need to pin a region? Enterprise customers can disable cross-region fail-over or restrict it to a specific set of locations for data-residency or compliance requirements. The default is global cross-hemisphere; the override is per-vault.
Ready?
Free forever for up to 10 entries — no card, no trial timer.
Outgrow it and $1/mo unlocks unlimited entries for one user, across every device. Every feature included. 7-day money-back. Price for life — your rate never increases.