Glossary of Terms
A concise reference for common concepts used throughout bervice: encryption, sync, billing, teams, and more. Each entry links to deeper docs where applicable.
A
Access Control
Rules that determine who can view, edit, or share items and vaults. See Sharing & Roles.
Account Recovery
Regaining access using your recovery seed or key file. We cannot reset master passwords due to zero-knowledge design.
AEAD
Authenticated Encryption with Associated Data. Ensures confidentiality and integrity (e.g., detects tampering).
Admin Console
Team management area for seats, roles, billing, and activity.
AppImage
Portable Linux packaging format. Make executable with chmod +x before running.
B
Biometric Unlock
OS-level biometrics (Touch ID, Windows Hello) to unlock the vault after you’ve authenticated once with your master password.
Blockchain Billing
On-chain subscription state managed via smart contracts; transactions are transparent and final once confirmed. See Payment Options.
Bucket
A logical container used in the storage pipeline to hold encrypted objects and metadata.
C
Cache
Local, temporary storage that speeds up previews and file operations. Clearing cache does not delete encrypted data.
Checksum
A short value derived from file content used to verify integrity after download. See Show checksum.
Client-Side Encryption
Encryption performed on your device before data is sent to storage or the network. Keys never leave your device.
Conflicts
Divergent edits detected during sync. Resolve by choosing a version or merging fields. See conflict tips.
D
Decentralized Storage
Content-addressed storage network used for encrypted file chunks. Improves durability and verifiability.
Device Authorization
Approving a new device to access decrypted vault keys. Manage in Settings → Security → Devices.
Diff/Delta Sync
Transferring only changes (deltas) instead of entire files to speed up synchronization.
E
Encryption Key
Secret used to encrypt/decrypt data. Derived from your master password (for vault keys) or generated per item.
Integrity Check
Operation that re-verifies item blocks and re-downloads any corrupted chunks. See Encryption Errors.
F
Finality (Blockchain)
Point at which a transaction is considered irreversible and your plan state updates in-app.
FIPS Mode
Optional configuration for environments that require FIPS-validated cryptographic modules.
G
Gas (Network Fee)
Fee paid to process a blockchain transaction during subscription changes or renewals.
Gateway (Fiat)
PCI-compliant payment provider that accepts cards and settles on chain on your behalf.
H
Hardware Wallet
Physical device that signs blockchain transactions securely without exposing private keys to the desktop.
Hash
Fixed-length fingerprint of data, used for integrity checks and content addressing.
I
Item Key
Per-item encryption key; enables secure sharing by re-wrapping for recipients without exposing your master key.
Invite (Team)
A cryptographically signed request for a user to join a team space with specified permissions.
J
JSON (Import/Export)
Structured text format supported for importing/exporting items. Handle with care if unencrypted.
K
Key Derivation Function (KDF)
Algorithm (e.g., ) that turns your master password into strong keys resistant to brute-force.
Key File
Optional second factor for unlocking a vault. Store offline; never share it with support.
L
Lazy Load
Performance setting that loads items on demand to speed up launch with large vaults.
Local-First
Data is created and encrypted on your device before any network activity occurs.
M
Master Password
Primary secret you create to derive vault keys. We cannot reset or recover it for you.
Metadata
Non-content information (e.g., timestamps). Sensitive metadata is minimized and encrypted where possible.
N
NTP (Network Time Protocol)
Protocol for clock synchronization. Time skew can break TOTP and key operations—enable automatic time.
O
On-Chain
Data recorded on a blockchain (e.g., subscription state). Vault contents are never written on chain.
One-Time Password (TOTP)
Time-based six-digit code used as a second factor for sign-in. Requires accurate system time.
P
PGP
Encryption standard for securely sending logs or sensitive details to support. See PGP key.
Policy (Access)
A set of rules defining what actions a role can perform (e.g., view, edit, share, admin).
Q
Quantum-Resistant (Overview)
Cryptographic choices and key sizes designed to mitigate future quantum attacks. See Encryption Overview.
Quota
Storage or device limits associated with your plan. Check in Settings → Storage.
R
RBAC (Role-Based Access Control)
Permission model assigning capabilities based on roles (Admin/Member/Viewer).
Recovery Seed
Human-readable backup of your vault keys. Store offline; required if you forget your master password.
S
Smart Contract
Program on a blockchain that enforces subscription logic, referrals, and plan state transitions.
Sync
Process of propagating encrypted changes across devices. Includes conflict detection and version history.
Signature (App/Release)
Cryptographic verification that installers and updates come from bervice and were not modified. See Verifying Downloads.
T
Team Space
A shared area for items and files with role-based permissions and audit-friendly activity.
Throttling (Sync)
Limiting concurrency/bandwidth to reduce impact on busy networks or CPUs. Configure in Settings → Performance.
TOTP
See One-Time Password above. Time sync is critical for valid codes.
U
Upgrade/Downgrade
Changing plan tier. Upgrades apply after confirmation; downgrades at next billing cycle.
UID (Item/Device)
Unique identifier used internally to track items and authorized devices without exposing content.
V
Vault
An encrypted container holding items and files, unlocked with your master password (and optionally a key file).
Version History
Timeline of edits allowing you to restore earlier versions of items or files.
W
Wallet
Application or hardware device holding your blockchain keys used to approve subscription transactions.
WebSocket
Persistent connection used for real-time sync updates and status notifications.
Z
Zero-Knowledge
Architecture where bervice cannot access your plaintext data or keys. All encryption happens locally on your device.