Security & Privacy
Learn how CenterLeap protects your emails with end-to-end encryption, recovery keys, two-factor authentication, and other security features.
End-to-End Encryption (E2EE)
CenterLeap uses end-to-end encryption to protect your emails. This means your email content is encrypted on your device before it's sent to our servers, and only you (and people you share access with) can decrypt it.
What We Can See
- Encrypted email metadata
- Email timestamps
- Storage usage
What We Cannot See
- Email subject lines
- Email body content
- Attachment contents
- Your private keys
How E2EE Works in CenterLeap
1. Key Generation (During Registration)
- An RSA key pair is generated locally in your browser
- Your private key is encrypted using a key derived from your password
- Only the encrypted private key is stored on our servers
2. Email Encryption (When Storing)
- Each email account has a unique AES content key
- Email content is encrypted with this content key
- The content key is encrypted with your password-derived key
3. Email Decryption (When Reading)
- You unlock your vault with your encryption password
- Your private key is decrypted locally
- Email content is decrypted in your browser
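The key hierarchy in the three steps above can be sketched with the browser's Web Crypto API; this is an added example, not CenterLeap's own code. The page names only "RSA" and "AES", so PBKDF2-SHA-256 with 600,000 iterations, AES-256-GCM, RSA-OAEP 2048 and all function and field names are assumptions.

```javascript
// Added illustration, not CenterLeap's code. PBKDF2-SHA-256 (600k iterations),
// AES-256-GCM and RSA-OAEP 2048 are assumptions; the page names only "RSA" and "AES".
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // global in browsers and Node 19+
const enc = new TextEncoder();
const GCM = (iv) => ({ name: "AES-GCM", iv });

// Password -> key-encryption key (KEK). Non-extractable; usable only to wrap/unwrap keys.
async function deriveKek(password, salt) {
  const base = await wc.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 600000 },
    base, { name: "AES-GCM", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// Registration: keys are generated locally; the returned record is all a server would store.
async function register(password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const ivPriv = wc.getRandomValues(new Uint8Array(12));
  const ivContent = wc.getRandomValues(new Uint8Array(12));
  const kek = await deriveKek(password, salt);
  const rsa = await wc.subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
    true, ["encrypt", "decrypt"]);
  const contentKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  return {
    salt, ivPriv, ivContent,
    publicKey: await wc.subtle.exportKey("spki", rsa.publicKey),
    wrappedPrivateKey: await wc.subtle.wrapKey("pkcs8", rsa.privateKey, kek, GCM(ivPriv)),
    wrappedContentKey: await wc.subtle.wrapKey("raw", contentKey, kek, GCM(ivContent)),
  };
}

// Vault unlock: re-derive the KEK and unwrap. A wrong password fails the GCM tag check and rejects.
async function unlock(password, rec) {
  const kek = await deriveKek(password, rec.salt);
  const contentKey = await wc.subtle.unwrapKey("raw", rec.wrappedContentKey, kek, GCM(rec.ivContent),
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
  const privateKey = await wc.subtle.unwrapKey("pkcs8", rec.wrappedPrivateKey, kek, GCM(rec.ivPriv),
    { name: "RSA-OAEP", hash: "SHA-256" }, false, ["decrypt"]);
  return { contentKey, privateKey };
}

// Encrypt one email under the content key, with a fresh IV per message.
async function encryptEmail(contentKey, text) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  return { iv, ct: await wc.subtle.encrypt(GCM(iv), contentKey, enc.encode(text)) };
}
async function decryptEmail(contentKey, { iv, ct }) {
  return new TextDecoder().decode(await wc.subtle.decrypt(GCM(iv), contentKey, ct));
}
```

Because the record holds only the salt, IVs, public key and wrapped keys, possession of it alone does not yield the content key; the strength of that guarantee rests on the password and the KDF cost.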
Recovery Keys
A recovery key is a backup way to access your account if you forget your encryption password. It's generated during registration and should be stored safely.
Critical: Save Your Recovery Key
If you lose both your encryption password AND your recovery key, your encrypted data cannot be recovered. We cannot help you - this is by design for your security.
How to store your recovery key safely:
- Write it down and store it in a secure location
- Store it in a password manager
- Keep a copy in a safe deposit box
Two-Factor Authentication (2FA)
Add an extra layer of security to your account by requiring a one-time code when you log in.
To enable 2FA:
- Go to Dashboard → Settings
- Find the "Security" section
- Click "Enable 2FA"
- After that, each time you log in, you'll receive a code via email
Note: CenterLeap currently uses email-based OTP (one-time password) for 2FA. Authenticator app support is coming soon.
Vault Timeout
The vault timeout automatically locks your encryption vault after a period of inactivity. When locked, you'll need to enter your encryption password to view email content.
To configure vault timeout:
- Go to Dashboard → Settings
- Find the "Security" section
- Select your preferred timeout duration (15 min, 30 min, 1 hour, etc.)
- Click "Save"
Tip: A shorter timeout is more secure but may require entering your password more often. Choose a balance that works for your usage.
What Happens If I Lose My Password?
Because CenterLeap uses true end-to-end encryption, we cannot reset your encryption password or decrypt your emails for you.
If you have your recovery key:
- Go to the login page
- Click "Forgot Password"
- Choose "Use Recovery Key"
- Enter your recovery key
- Set a new encryption password
If you don't have your recovery key:
Unfortunately, your encrypted data cannot be recovered. You can reset your account, but all encrypted emails will be permanently lost. This is a fundamental security feature, not a limitation.
Security Best Practices
Use a strong, unique encryption password
Your encryption password protects all your email data. Use a password manager to generate and store a strong password.
Save your recovery key securely
Write it down and store it somewhere safe, separate from your password. Consider multiple secure locations.
Enable two-factor authentication
Add an extra layer of protection to prevent unauthorized access even if your password is compromised.
Set an appropriate vault timeout
Configure your vault to lock automatically after inactivity. Shorter timeouts are more secure.
Keep your devices secure
Use strong device passwords, enable disk encryption, and keep your operating system and browser up to date.
Be cautious with shared computers
Always log out and lock your vault when using shared or public computers.