JEZZPEAK
TRUST PROTOCOL · v2.4

Your account. Your control. Always.

Boosting only works if you trust the operator. We engineered the credential lifecycle so you never have to. Here’s exactly what happens to your account from intake to wipe.

CREDENTIAL LIFECYCLE

Three states. One outcome.

01
INTAKE

Credentials encrypted in your browser before transmission. libsodium XChaCha20-Poly1305. Server stores only the ciphertext.

E_K(creds) → vault
02
USE

Decrypted only inside the booster's hardened session — pinned IP, dedicated VM, ephemeral keychain. Never on disk, never in logs.

session.k = HSM.unwrap(K)
03
WIPE

On order completion: in-memory zeroing + cold-storage shred. Cryptographic erase certificate written to your audit log.

shred(vault) → 0xa3f...b21
GUARANTEES

What we will never do

✕ NEVER
Never log credentials

Plaintext credentials never touch a database, log file, or analytics pipeline. Audit-verifiable.

✕ NEVER
Never share with third parties

We don't use third-party SaaS for boosting infrastructure. Payments, comms, storage — all self-hosted.

✕ NEVER
Never request seed phrases

Crypto seed phrases are never asked for, never accepted, never needed. We use payment addresses only.

✕ NEVER
Never bypass your 2FA

We work with your TOTP / OTP / backup-code workflow. We do not crack, intercept, or social-engineer.

Jezzpeak credential flowCustomer submits credentials via server action; server encrypts with a per-order DEK wrapped under a host-held KEK; booster decrypts on demand; auto-wipe on order completion.Customersubmits via TLSServer Actionencrypts (DEK + AAD)Postgres rowciphertext + wrapped DEK(KEK on chmod 0400)Boosterdecrypts on demandon completion: NULL ciphertext + wrapped DEKAudit trailevery decrypt logged: booster_id, order_id, reason, ts — append-only.
Jezzpeak credential flow — submit → encrypt → decrypt-on-demand → auto-wipe.