Chapter II · The problem

Your phone knows every price you’ve ever seen. It just won’t tell you.

You’ve been in the same threads since 2019. A dealer sent you a Sub for $12,400 last April. You know he did. Try finding that message today.

  • A search bar that works. Not WhatsApp’s. A real one. Filter by brand, reference, price, condition, date.
  • Every media type, parsed. Photos, voice notes, forwards, PDFs. Everything indexed. Everything searchable.
  • Alerts on the deals you want. Set a target. When someone drops a Sub for $12k, you’re pinged before the thread scrolls past it.
  • Free up your phone. Delete the chats. We keep everything. Forever.

Chapter III · Security · Caliber

Your archive is worth more than the watches in it.
We protect it like it.

Comps are proof of what you paid. Suppliers, buyers, prices, deals. If it leaks, you get burned. Vestari is engineered from day one to be one of the most secure archives a private dealer can hold.

Spec 01/06

AES-256 encryption at rest

FIPS-197 · Bank-grade

Every message, every photo, every voice note is encrypted with AES-256-GCM before it hits our database. The same standard used by governments and Tier-1 banks.

Spec 02/06

TLS 1.3 in transit

Forward secrecy · HSTS

Nothing moves between your phone, Vestari, and your archive without end-to-end TLS 1.3. No plaintext, no exceptions, ever.

Spec 03/06

Per-account key isolation

HKDF · One key per dealer

Your archive is encrypted with a key derived just for you. Even if another dealer’s data were exposed, yours would stay unreadable.

Spec 04/06

Read-only WhatsApp bridge

Zero send permissions

Vestari physically cannot send messages, react, or open personal chats. The bridge is compiled without those capabilities.

Spec 05/06

US-based, dealer-controlled

AWS us-east · SOC 2 hosts

Data stays on US soil, hosted on SOC 2 Type II infrastructure. Export your archive, delete your account, and it’s gone in under 60 seconds.

Spec 06/06

Zero-knowledge on sensitive fields

HMAC-SHA256 fingerprints

Phone numbers and seller identifiers are stored as one-way hashes. Even our own engineers can’t reverse them.

Caliber · Reference sheetNo. 001
Encryption
AES-256-GCM
Transport
TLS 1.3 · HSTS
Key derivation
HKDF · per dealer
Hosting
AWS us-east · SOC 2 II
Bridge
Read-only · zero send
Sensitive fields
HMAC-SHA256
Data residency
United States
Deletion
< 60 seconds

What Vestari will never do

Sell your data. Not to Chrono24. Not to insurance. Not to anyone.
Train a model on your comps. Your archive is not a dataset.
Store WhatsApp login credentials. Session tokens only, revocable.
Touch personal chats. Only the groups you explicitly turn on.
Share your seller list. It stays hashed, it stays yours.
Keep your data after you delete. Gone in 60 seconds, no recovery.

Under the hood · Vault-grade

Built like a vault

A dealer archive is only worth what it protects. Vestari treats every record like it belongs behind a safe deposit box, because for the dealer, it does. Here is the full engineering picture.

AES-256-GCM at rest

Every sensitive field — contact names, phone numbers, WhatsApp handles, group identifiers, free-text notes — is encrypted with AES-256-GCM before it hits disk. FIPS-197 compliant. Bank-grade.

TLS 1.3 in transit

All connections use TLS 1.3 with forward secrecy. HSTS is enforced with preloading. Legacy TLS versions and weak ciphers are disabled at the load balancer.

Per-account key isolation

A master key stored in AWS Secrets Manager derives a unique per-account key via HKDF-SHA256. Compromise of any single per-account key exposes only that account, never the archive at large.

HMAC-SHA256 fingerprints

Deduplication uses HMAC-SHA256 fingerprints of (brand, reference, price, deal date). We never index sensitive fields in plaintext. The pool cannot be scanned by identity.

Read-only WhatsApp bridge

The bridge cannot send messages, react, join, or leave a group. Zero send permissions at the protocol wrapper. Every write attempt is refused by the worker.

US-hosted, dealer-controlled

Hosted in AWS us-east-1. No offshore data transfer. Dealers can export, purge, or delete an account and have it purged in full within 30 days.

Zero data retention with OCR provider

Photo OCR uses Anthropic Claude under a zero-data-retention agreement. Content is never retained by the model provider and never used to train external models.

Least-privilege access

Production access requires hardware-key MFA. No standing engineer access to dealer plaintext. Every access to encrypted material is logged and reviewed.

Never — no exceptions

  • Never send WhatsApp messages on your behalf
  • Never share raw contact info between dealers
  • Never expose the group name in any pool row
  • Never train external AI models on dealer data
  • Never sell, license, or syndicate dealer data
  • Never store credit card numbers — Stripe handles PCI

Incident response

If we detect a security incident, we notify affected dealers within 72 hours with the scope, the fields exposed, and the containment steps taken. Reports come by email to the address on file plus an in-app banner. Our disclosure log is public and versioned.

Suspect an issue? Email security@getvestari.com. PGP key on request.