How it works

Three steps. The whole product.

Restkin does three things, in this order: it captures a record, it reminds you before it lapses, and it lets the right trusted person find it when they need it. Here's what each step actually feels like.

Begin your vault Walk through the steps

Step 01 — Capture

Point your phone. We extract the dates on-device.

Snap a passport, insurance card, or vehicle title. Restkin extracts expiry dates, document numbers, and the issuing authority — all on your device, before encryption. You confirm the fields, then the record is sealed. No file ever leaves your phone as plaintext.

Passport

Exp 12/2029

BD-GOVT

Concept

Step 02 — Renew

A reminder arrives when you can still act on it.

Lead times are matched to the document — 9 months for a passport, 60 days for an insurance policy. The reminder is a guided workflow, not a notification: prep checklist, link to the official portal, deadline countdown. You always submit yourself; we prepare, you decide.

T-9mo

Passport

T-60d

Insurance

T-14d

Registration

Today

Lead time per document

Concept

Step 03 — Share

One trusted person, when they need it, on your terms.

Invite a spouse, parent, or advisor by email. Grant access category-by-category. They never see what they don't need. Every view is logged to you. Revoke anytime. If something happens to you, the time-lock or veto-based release opens the door without you having to be there.

You

Spouse

Co-owner

Parent

Viewer

Advisor

Scoped

Concept

What we see vs. what you see

Trust, line by line.

Every row of data in your vault has a user-side view and a server-side view. The server-side column is shorter than the user-side column. By design.

What kind of data

What you see

What we see

Document content

Plaintext on your device, while unlocked.

Encrypted XChaCha20-Poly1305 ciphertext we cannot unwrap.

Expiry dates / metadata

Structured fields you can edit and search.

Encrypted blob. We run no server-side processing on your data.

Trusted contact list

Names, emails, permission grants, audit log.

Same encrypted blob. We never see who you invite.

Sharing requests

Read-only, scoped, time-limited, fully revocable.

A token we route. We cannot decrypt the underlying record.

Recovery

A 12-word phrase generated once, saved by you.

Nothing. We never see your recovery phrase.

Audit log

Every view, share, export — exportable as JSON.

Encrypted. We can't read your log.

For the cryptographic detail — keys, KDFs, audit log, sharing handshake — read the full trust model.

The first record

Start with one record. The rest follows.

The first action should be low risk: one passport, one reminder, one trust proof. Restkin meets you there, then grows with you.

Begin your vault Read the trust model