# Vault Security

Keeper's platform is built with End-to-End Encryption (E2EE) across all devices and endpoints.

* Data stored in the platform is encrypted locally and encrypted in transit between the user's devices
* Information exchanged between Keeper users is encrypted from vault-to-vault
* Data at rest is encrypted with multiple layers, starting with AES-256 encryption at the record level
* Data in transit is encrypted with TLS and additional layers of transmission encryption which protects against access MITM, service providers and untrusted networks.

A full and detailed disclosure of all encryption related to data at rest, data in transit, cloud architecture and certifications can be found on the [Keeper Enterprise Encryption Model page](/enterprise-guide/keeper-encryption-model.md).

A video covering this model is below.

{% embed url="<https://vimeo.com/868437681>" %}
Vault Encryption & Security Model
{% endembed %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeperpam/privileged-access-manager/getting-started/architecture/vault-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.