Breach-Proof by Design
What an Attacker Finds After a Full Compromise
Nothing to Crack
Every major credential breach follows the same path: extract the database, crack the hashes offline.
The Users Api closes that path at the source.
The database stores no hashes. Offline cracking requires something to crack.
A Breach That Yields Ciphertext
Compromising the Users Api server delivers encrypted user data and an unlabeled graph per account.
The unlabeled graph proves a user exists. It does not prove their password, reveal their email address, or unlock their data.
Recovery would require independently solving the zero-knowledge protocol, which provides no shortcut to the credential.