Security model

PangolinMatrix is an encoding system, not a password vault. It does not store your real passwords or your directive.

The server stores your email, a hash of your PangolinMatrix account password, your verification state, and your randomized matrix. Your directive is shown once after verification and successful login, then removed from the session after confirmation.

Browser-only helper

The encode/decode helper works from the matrix already loaded in your page. Typed password text is transformed locally in JavaScript and is not sent to our server.

You can also use the matrix manually without the helper.

Keep your matrix and encoded password notes separate. The system is strongest when no one else can access both.