AES-256-GCM encryption — fully client-side, nothing leaves your browser.
How it works: Your password is stretched using PBKDF2 (100k iterations) then used as an AES-256-GCM key. A random salt and IV are generated per encryption and embedded in the output. Everything runs in your browser — no data is sent anywhere.