Data security and privacy
Zoho Vault leverages the host-proof-hosting technique - a secure, proven mechanism, which has found wide acceptance after undergoing extensive testing by security experts. Host-proof-hosting revolves around the basic fact of "host sensitive data in encrypted form, so that clients can only access and manipulate it by providing a pass-phrase which is never transmitted to the server. The server is limited to persisting and retrieving whatever encrypted data the browser sends it, and never actually accesses the sensitive data in its plain form. All encryption and decryption takes place inside the browser itself."
The secrets that you store on Zoho Vault literally remain secrets. The data remains completely private and only you can view the data. All the data are encrypted inside the browser itself and Zoho (which hosts the Zoho Vault service) stores only the encrypted data. The 'Passphrase' that you enter to access Zoho Vault, is used as the key to encrypt and decrypt the data at the browser. The passphrase is not stored anywhere in Zoho Vault and hence even Zoho cannot access your data.
As mentioned above, only encrypted data (AES-256 bit) is always sent over the internet.
In addition, the connection is through SSL.