Community Shield
When any user catches an attacker, the IP fingerprint is shared across all users with 7-day TTL auto-blocking. Collective immunity.
Consumer Honeypot DefenseYour credentials are already
Your credentials are already
on the dark web.
Be the one who knows first.
CanaryVaults plants decoy identities across attacker hunting grounds. When fake credentials are used, our tripwire intelligence fires instantly β catching threats before they reach your real accounts.
How It Works
Three steps. Zero effort.
Your decoy network deploys automatically in under 60 seconds.
1
We plant fake credentials
Three tiers of canary identities β social media, email, and financial β are generated and seeded into paste sites and breach channels that attackers actively scrape.
2
Attackers steal them
Credential harvesters and combo-list bots pick up decoys from Pastebin and dark web channels. They have no idea they're fake.
3
Tripwire fires instantly
The moment a canary is used, parallel threat-intel checks from AbuseIPDB, GreyNoise, IPInfo, and VirusTotal profile the attacker in under 2 seconds. You get alerts via Telegram and email.
Capabilities
Everything working to protect you
Enterprise-grade threat intelligence, consumer-simple setup.
Breach Monitoring
HIBP v3 + paste site monitoring. Tracks your real emails for breach exposure with k-Anonymity password checks. Only alerts on new findings.
Canary Network
Multi-tier decoy credentials mapped to your risk surface. Automatically rotated when an attacker burns one. Always fresh.
Threat Intel Pipeline
AbuseIPDB, GreyNoise, IPInfo, and VirusTotal checked in parallel. Full attacker profile with risk score in under 2 seconds.
Weekly Intelligence Briefing
Sunday summaries via Telegram and email: canaries fired, attackers caught, risk trends, and community contributions.
Tar Pit Deception
Progressive deception wastes attacker time with fake login success, MFA prompts, and session loops. 10-15 minutes per attempt.
Security & Privacy
How we handle your data
We're a security product. Transparency isn't optional β it's foundational.
Canaries are 100% synthetic
Decoy credentials are never derived from your real passwords or personal information. They exist only to trap attackers.
TLS encryption everywhere
All data in transit is protected with 256-bit TLS. API keys and tokens are hashed before storage. We never log passwords.
Full data export & deletion
Export all your data or permanently delete your account at any time. GDPR-level data rights for every user, everywhere.
We never sell your data
Community Shield shares only non-personal threat indicators (malicious IPs, ASNs). Your email, name, and credentials are never exposed to anyone.
k-Anonymity breach checks
Password breach lookups use HIBP's k-Anonymity range API β we never send your full password hash to any external service.
How we compare
CanaryVaults is a new category β proactive identity defense.
| Capability | CanaryVaults | HIBP | Password Manager | VPN |
|---|---|---|---|---|
| Active decoy credentials | β Yes | β | β | β |
| Tripwire alert before real account use | β Yes | β | β | β |
| Attacker profiling with threat intel | β Yes | β | β | β |
| Community threat sharing | β Yes | β | β | β |
| Known breach lookup | β Yes | β Yes | Some | β |
| Credential storage | β | β | β Yes | β |
| Network privacy | β | β | β | β Yes |
Plans
Simple, transparent pricing
Start free. Upgrade when you need more coverage. Cancel anytime.
$0 / month
- 1 monitored email
- 1 canary identity
- Basic tripwire alerts
- Community Shield access
$3.99 / month
- 3 monitored emails
- 9 canary identities (3 per email)
- Full threat dashboard
- Weekly intelligence briefing
- Breach monitoring + paste alerts
- Telegram + email alerts
$7.99 / month
- 5 family members
- All Personal features
- 15 monitored emails total
- Priority threat response
- Expanded community shield intel
Checking your session...
Frequently asked questions
Will this expose my real passwords?
No. Canary credentials are entirely synthetic β they are never derived from or connected to your real passwords. They exist only to trap attackers.
Can I export or delete all my data?
Yes. The privacy page lets you export your full data or permanently delete your account at any time. We follow GDPR-level data rights for every user, regardless of location.
How quickly do I get alerts?
Under 3 seconds. When a canary fires, parallel threat-intel checks run instantly via AbuseIPDB, IPInfo, GreyNoise, and VirusTotal. Telegram and email alerts fire simultaneously.
Do I still need a password manager?
Absolutely. CanaryVaults is not a replacement β it's an early warning system. Use a password manager for credential hygiene, use CanaryVaults for attack detection.
Who built this?
CanaryVaults is built by security engineers with backgrounds in threat intelligence and incident response. We built this because we saw the gap between breach notifications (too late) and real-time attack detection (too expensive for consumers).
What happens when a canary is βburnedβ?
When an attacker uses a canary, it's marked as burned and a fresh replacement is automatically generated and re-seeded. Your coverage never drops.
How is community data shared?
Only non-personal threat indicators (malicious IPs, ASNs, attack patterns) are shared via the Community Shield. Your email, name, and credentials are never exposed.
Can I cancel any time?
Yes. Cancel from your billing page. Access continues through the end of your current paid period. Your canaries remain active until then.
Your decoy network starts in 60 seconds.
Free tier. No credit card. Full protection from day one.
π 256-bit TLSπ‘οΈ Zero PII storedπ€ Full data exportβ Cancel anytime