Private by design. Even from us.
Autofill only works if your card details are stored somewhere. cashew stores them in a vault that's encrypted on your device with a key only you hold — so we keep ciphertext we literally can't read.
How the vault works
Encrypted on your device
When you save a card, your browser or extension encrypts the number, expiration, security code, and name locally — before anything is sent to us.
We store only ciphertext
cashew syncs the encrypted blob so your cards follow you across the web app, extension, and iOS. We never receive the key, so we can't decrypt it.
Decrypted only to fill
When you tap a card at checkout, decryption happens on your device, in that moment, to fill the form. The plaintext never touches our servers.
What cashew can and can't see
Can see: card name, issuer, and last four digits — used to recognize your cards and rank them at each merchant.
Can't see: your full card number, expiration, or security code. Those are encrypted on your device; we hold ciphertext we can't open.
Autofill is opt-in. Skip it and the "card name + last four only" promise holds — we never receive a full card number.
Unlocking your vault
Passkey / biometric
On supported devices, unlocking uses your fingerprint, face, or device PIN via a passkey. A hardware-backed secret derives your key — no password to type, and the secret never leaves your device.
Passphrase
A passphrase you set works everywhere, including browsers without passkey support. It derives your key on your device and is separate from your cashew login.
Recovery code
A one-time recovery code, shown once at setup, is your last resort. Store it somewhere safe — it's the only way back in if you lose your passkeys and passphrase.
Questions
Can cashew see my card number?
No. If you opt in to autofill, your card number, expiration, security code, and name are encrypted on your device before they're ever sent to us. We store only ciphertext we cannot decrypt. If you never enable autofill, we only ever have your card name, issuer, and last four digits.
What happens if cashew's servers are breached?
An attacker would get ciphertext and nothing else. The keys that decrypt your cards live only on your devices, derived from your passkey or passphrase — neither of which we receive.
What if I lose access?
Because only you hold the keys, losing all of your passkeys, your passphrase, and your one-time recovery code means your stored card details can't be recovered — by anyone, including us. That's the tradeoff of true zero-knowledge encryption. We show your recovery code once at setup; save it somewhere safe.
Is storing my security code (CVV) safe?
Storing a security code inside a user-controlled, zero-knowledge vault that isn't part of the payment-authorization path is the same model used by 1Password, Bitwarden, Apple iCloud Keychain, and Chrome. PCI's retention rules target merchants and processors after a charge — not your personal credential vault.
Does cashew store my bank login?
Never. Optional bank linking (premium) is handled by Plaid; cashew never sees or stores your banking credentials.
Earn more at checkout — without handing over your card number.
cashew picks your best card, fills it in, and flags offers you haven't activated. Your details stay in a vault only you can open.