About Glassbreak

Glassbreak exists because we believe no team should ever be locked out of their own critical credentials during an emergency.

Too many organisations rely on a single person, a single password manager, or a single cloud provider to protect their most sensitive secrets. When disaster strikes — an outage, a key person leaving, a provider going down — these single points of failure can turn a bad situation into a catastrophic one.

What We Build

Glassbreak is a zero-knowledge secret-sharing and emergency-response platform. Critical credentials are encrypted client-side, split into Shamir shares, and distributed across three independent cloud providers (Cloudflare, Azure, and Scaleway). Recovery requires a quorum of approvers, and every action is captured in a tamper-evident audit log.

Alongside the secret-recovery flow, Glassbreak ships an emergency-response surface — encrypted chat, call trees, playbooks, and push alerts — so the people who can unlock a secret are also the people coordinating the response.

How We Operate

We operate on a strict zero-knowledge principle: the server never sees plaintext share material, never sees a user's vault passphrase, and never holds a key that could decrypt either. Approvals are server-as-relay only — the platform forwards encrypted material between approvers and requesters, but cannot read it. Infrastructure is split across three independent providers so no single cloud outage can lock a customer out, and every security-relevant action — failed logins, share retrievals, impersonation, GDPR requests — is written to an immutable audit trail.

Our Principles

  • Privacy-first — We use client-side encryption and privacy-respecting analytics. No tracking cookies, no invasive data collection.
  • Zero-knowledge — We never see, store, or process your unencrypted secrets. If our infrastructure is compromised, your data remains secure.
  • Multi-cloud resilient — No single cloud provider failure can lock you out. Three providers, fully isolated infrastructure, zero overlap.
  • Audit everything— Every secret access, every approval, every escalation is logged. Compliance isn't an afterthought.

Company

Operating name
Glassbreak
Jurisdiction
Australia — services governed by Australian law
Product
Zero-knowledge secret sharing and emergency response

Security & Disclosure

We take security reports seriously. If you believe you have found a vulnerability in Glassbreak, please disclose it responsibly by emailing us before any public disclosure.

Disclosure email
security@glassbreak.io
Encryption
PGP key available on request
Scope
glassbreak.io and its API endpoints

We aim to acknowledge reports within two business days. Please give us a reasonable window to investigate and remediate before disclosing publicly.

Contact

General
hello@glassbreak.io
Support
support@glassbreak.io
Privacy
privacy@glassbreak.io
Legal
legal@glassbreak.io
Start Protecting Your Secrets — Free

Stay Updated

Get product updates and security insights. No spam, unsubscribe anytime.

We respect your privacy. See our privacy policy.