Chez was designed from day one to protect the most sensitive information a household has: wills, financial accounts, medical documents, family records. Here's exactly how we do it — and why it's stronger than the cloud storage you're using today.
Most cloud storage encrypts your files, but anyone at the company with admin access can still see them. Chez adds row-level data isolation, household-scoped access controls, role-based document visibility for staff, and AI that processes content in isolation. Your documents aren't just stored securely — they're architecturally inaccessible to anyone but you and the people you've explicitly invited.
Security isn't just encryption. It's architecture, access controls, and what happens with your data after you upload it.
| Security feature | Chez | Google Drive | Dropbox | iCloud |
|---|---|---|---|---|
| Encryption at rest | AES-256-GCM | AES-256 | AES-256 | AES-256 |
| Encryption in transit | TLS 1.3 | TLS 1.3 | TLS 1.2+ | TLS 1.2+ |
| Row-level data isolation | Yes | No | No | No |
| Per-document role-based access for staff | Yes | No | No | No |
| Per-document vault lock (biometric) | Yes | No | Add-on | No |
| Biometric app lock | Yes | No | No | Device-level |
| AI never trained on your content | Yes | Limited | N/A | Limited |
| Immutable access audit log | Yes | Activity log | Events log | No |
| Data used for ad targeting | Never | Metadata | No | No |
Every layer is independently secure. Even if one were compromised, the others keep your data protected.
Every API call uses TLS 1.3. Database storage uses AES-256-GCM. Optional vault lock adds an additional biometric layer for your most sensitive documents.
Row-level security on every table in the database. Every query is scoped to your household. Cross-household access is architecturally impossible — not just policy, but enforced in code.
Alfred analyzes your documents in isolated, ephemeral processes. Content is processed in-session and never stored beyond it. Anthropic does not train models on your API content. AI context is scoped to your household only.
Face ID and Touch ID for quick, secure access. Every document access is logged in an immutable audit trail. Sessions are short-lived; refresh is handled transparently.
Your spouse gets their own login with shared household access. Each person's Alfred chat history stays private. Invite codes are tokenized and expire after 30 days.
Property staff get their own Chez login with permissions scoped to home operations only. They can manage tasks, systems, and vendors — they never see your will, financials, or medical documents. Enforced server-side via row-level security.
Auth tokens are stored in the iOS Keychain, backed by Apple's Secure Enclave hardware. Biometric app lock keeps your data protected even on an unlocked phone. Screenshot prevention on sensitive screens. Jailbreak detection with user warning.
These aren't policies that change with a terms update. They're architectural decisions baked into how Chez is built.
From the moment you upload a document to the moment Alfred answers your question, here's what happens.
Your document is encrypted with TLS 1.3 in transit, then stored with AES-256-GCM at rest. The file is tagged to your household. Row-level security means it's inaccessible to any other household, account, or — for sensitive categories — staff role.
Alfred reads your document in an isolated, ephemeral process. It extracts dates, identifies the type, and returns structured data. Anthropic does not train models on your API content. The structured result lands in your encrypted record.
Extracted metadata is stored alongside your encrypted file. When you ask Alfred a question, it references the metadata — never re-reading the full document unless you explicitly attach it. Every access logged immutably.
Estate planning documents are among the most sensitive in your household. Chez applies additional safeguards to wills, trusts, POAs, and the data extracted from them.
Chez never collects Social Security numbers, full account numbers, or precise financial balances. Only ranges and categories are stored.
Attorney handoff PDFs use tokenized links: 3-use limit, 7-day expiry. Verifiable at getchez.com/verify. Revocable from the app.
Exported estate PDFs are encrypted before storage. Only authenticated sessions or valid verification tokens can decrypt them.
Every access to a shared estate document is logged with a hashed IP address. Full audit trail visible in the app.
Revoke any shared estate link instantly from the app. Once revoked, the link can never be used again.
Chez never shares estate data with third parties. AI analysis happens server-side and is never persisted beyond the session.
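The attorney-handoff link rules described above (3-use limit, 7-day expiry, permanent revocation, hashed-IP access logging) can be enforced server-side as in this added Python example, which is not Chez's code. The `ShareLinks` store, the outcome strings, storing only a SHA-256 of the token, and the keyed (HMAC) IP hash are assumptions; the page says only that the IP address is hashed.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_USES = 3                           # from the page: 3-use limit
TTL = timedelta(days=7)                # from the page: 7-day expiry
IP_HASH_KEY = secrets.token_bytes(32)  # assumption: server-side secret for IP hashing

@dataclass
class Link:
    expires_at: datetime
    uses: int = 0
    revoked: bool = False

def link_id(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class ShareLinks:
    def __init__(self):
        self.links = {}  # sha256(token) -> Link; the raw token is never stored
        self.audit = []  # append-only: (time, link id, hashed IP, outcome)

    def issue(self, now):
        token = secrets.token_urlsafe(32)
        self.links[link_id(token)] = Link(expires_at=now + TTL)
        return token

    def revoke(self, token):
        if (link := self.links.get(link_id(token))):
            link.revoked = True  # permanent: nothing ever clears this flag

    def redeem(self, token, ip, now):
        lid = link_id(token)
        link = self.links.get(lid)
        if link is None:
            outcome = "unknown"
        elif link.revoked:
            outcome = "revoked"
        elif now >= link.expires_at:
            outcome = "expired"
        elif link.uses >= MAX_USES:
            outcome = "exhausted"
        else:
            link.uses += 1
            outcome = "ok"
        # Keyed hash: a bare SHA-256 of an IPv4 address is reversible by enumeration.
        ip_hash = hmac.new(IP_HASH_KEY, ip.encode(), hashlib.sha256).hexdigest()
        self.audit.append((now, lid, ip_hash, outcome))  # denied attempts are logged too
        return outcome
```
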
We take this seriously. If you have questions about how your data is handled, reach out and we'll give you a straight answer.