Passkeys all tiers
sign in with Face ID, Touch ID, Windows Hello, or a hardware keyPasskeys are stronger than passwords and faster than codes. Add one per device you trust - your phone, your laptop, your hardware security key. Sign-in becomes one tap.
Authenticator app (TOTP)
checking…Use any authenticator app (1Password, Aegis, Google Authenticator, Authy) to generate a 6-digit code every 30 seconds. Backup when your passkey isn't handy.
Step 1. Add this key to your authenticator app - either scan the URI on a phone, or paste the setup key below.
otpauth://…Step 2. Type the current 6-digit code your app is showing.
Your 10 backup codes
Save these now - you'll only see them once. Use one any time you can't reach your authenticator app.
Subscription
current: Free (Pack)Pick a plan above — Stripe Checkout opens a secure payment page. Manage or cancel your plan anytime from the billing portal below.
Hearth companion · 3D avatar
SVG default
Build your companion in VRoid Studio (free), export as .vrm, host the file on a public HTTPS URL (R2, GitHub, Dropbox direct-link), and paste below. We never download or store the file - your browser fetches it from your host.
File must be HTTPS, end in .vrm, max 20 MB. Renders on desktop where the device has enough GPU; phones fall back to the lightweight SVG companion automatically.
Family Pack
10 seats · one bill · household-wideYou're on the Family plan - create your household to start adding members.
Family pack is part of the Family plan (€50/mo · 10 devices). See plans →
Compare features
single source of truthloading matrix…
Telegram
one-tap sign-in · Hearth · Guardian alertsClaim your @handle here, then tap Start on the Vilkax Hearth bot. From then on every new sign-in attempt asks you to confirm in Telegram - no email link needed when you're at the keyboard.
Language
app + email language · stored on this deviceVilkax's UI shell follows your selection. Full string translations land progressively - English is complete today; other locales fall back to English for any string not yet translated.
Devices
…Every device that's signed in is listed here with its trust state. Revoke any device to kill its sessions and force a fresh sign-in with a stronger factor. Your tier caps the number of registered devices (Free 2 · Pro 6 · Family 10 per seat · Business / Enterprise unlimited).
Compliance
your data, your control- Encryption at rest - every email is AES-256-GCM encrypted with a key we rotate on demand.
- Domain-aggregate operator views - the Vilkax operator dashboard surfaces emails as
al★★★@example.com; the business view never reads the email column at all. - Right to export - request a JSON dump of your row + every shield event ever raised on your behalf (self-service and free on every account).
- Right to be forgotten - your data is hard-deleted within 30 days; encrypted backups age out within 90.
- Right to explanation - every automated decision (threat score, AI tier, anomaly flag) is logged with its inputs; you can request the record that drove any specific call.