In F-Secure KEY, each password record is individually encrypted using a unique and strong random encryption key. The record-specific keys are encrypted using a master encryption key, derived from your master password using the PBKDF2 algorithm. PBKDF2 stands for Password-Based Key Derivation Function 2.
Your master password and the master encryption key are never stored anywhere. The encryption keys live only when you use the product. This means, however, that there is no way to recover your password or data if you forget the master password.
The guiding design principle for F-Secure KEY is to respect and protect the anonymity of our users. We also don't track you when you synchronize your data across devices.
The F-Secure KEY servers are owned and operated by F-Secure within the European Union in compliance with Finnish law and applicable to EU rules.