XYZVault - "we can't see your data" vs "we won't look." Does that distinction matter to you?

Quick analogy first. Imagine two filing cabinets at a Bitcoin custody service:

Cabinet A (plaintext) — full of regular paper. The company has a key. Anyone with the key can read every file. The company promises they won't, but the data is right there to be read.

Cabinet B (ciphertext) — full of paper, but every word on every page is encrypted with a key that lives only on YOUR phone or laptop. The company doesn't have your key. If they're hacked, served a subpoena, or have a rogue employee — they hand over locked gibberish, because that's all they have.

Most Bitcoin custody services run on Cabinet A. They tell you they don't look. We can't tell you that, because we can't look in the first place. Different promise. Different math.

That's the whole point of what I'm building. A 2-of-3 multisig Bitcoin vault where:

• Encryption happens on your browser. Your passphrase derives a key that never leaves your browser. Our server only ever stores ciphertext — vault names, device information, the wallet configuration file, everything. We can't decrypt any of it.
• We don't store your addresses, balances, or transaction history. Your browser derives addresses locally and queries our blind proxy to a private Bitcoin node. The proxy relays information without linking addresses to users.
• We hold 1 of 3 keys. You hold the other two on hardware wallets. We can never move your funds alone. If we vanish tomorrow, you sweep your Bitcoin into Sparrow Wallet with your two keys.
• Your spending rules live in encrypted form too. Address allowlists, daily limits, hold timers — enforced inside a secure enclave, never readable by us, only changeable with a hardware-wallet signature.

The litmus test for any multisig vault service: can they tell you their total assets under custody? If yes, they can read every customer's balance. If they charge you a percentage of what you hold, same thing. Both require plaintext. We can't produce that number — we genuinely don't know how much Bitcoin our users hold. That's not a marketing line.

One question for anyone using multisig today:

1. Would this matter to you? Or is "they promise not to look" already enough?

Check us out at https://xyzvault.io — would love feedback from anyone using another multisig platform, or who'd considered it and backed away.