Your account pin, combined with a system-generated unique user account pin, is used as the encryption key. Think of it as a locked door that needs 2 keys to open: our system holds 1 key, you hold the 2nd, and both are required to unlock the door. This combined key ensures that your data is in an encrypted state at all times and cannot be recovered unless both keys are present.
The system key is 12 characters long and your pin is 4 characters long, so the key that unlocks your data is 12+4=16 characters long.
Your account pin is only stored in the current PHP session. It IS NOT stored on the server, nor is it stored in cookies. When you enter your pin, an attempt is made to decrypt your data. If the decryption is successful, your pin is stored as a session variable. The server only stores the fact that you have set up an account pin.
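A sketch of the two-key scheme described above, as an added example that is not this service's own code. The cipher (AES-128-GCM), the function names, the sample key and pin, and the `$session` array standing in for `$_SESSION` are all assumptions; the page only states that the 12-character system key and the 4-character pin form the 16-character key and that a successful decryption confirms the pin.

```php
<?php
// Added illustration. Cipher choice and every name below are assumptions.
const CIPHER = 'aes-128-gcm';   // 16-byte key matches the 12+4 character key

function combined_key(string $systemKey, string $pin): string
{
    if (strlen($systemKey) !== 12 || strlen($pin) !== 4) {
        throw new InvalidArgumentException('need 12-char system key and 4-char pin');
    }
    return $systemKey . $pin;   // server-held part + user-held part = 16 bytes
}

function encrypt_record(string $plaintext, string $systemKey, string $pin): string
{
    $iv  = random_bytes(12);    // fresh nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, combined_key($systemKey, $pin),
                           OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);   // layout: iv(12) | tag(16) | ciphertext
}

// Returns the plaintext, or null when the pin (or the stored blob) is wrong.
function try_unlock(string $blob, string $systemKey, string $pin): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null;
    }
    // GCM verifies the tag, so a wrong pin fails cleanly instead of yielding garbage.
    $pt = openssl_decrypt(substr($raw, 28), CIPHER, combined_key($systemKey, $pin),
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;
}

// Keep the pin in the session only after a decryption attempt has succeeded.
function enter_pin(array &$session, string $blob, string $systemKey, string $pin): bool
{
    if (try_unlock($blob, $systemKey, $pin) === null) {
        return false;
    }
    $session['account_pin'] = $pin;   // never written to disk or to a cookie
    return true;
}

$systemKey = 'S7k2Qp9xLm4T';          // constructed 12-character sample
$blob      = encrypt_record('sample user data', $systemKey, '4821');
$session   = [];                      // stands in for $_SESSION after session_start()
var_dump(enter_pin($session, $blob, $systemKey, '0000'));   // wrong pin
var_dump(enter_pin($session, $blob, $systemKey, '4821'));   // correct pin
```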
If you forget your account pin, there is no way for us to recover your data. Be sure to keep your account pin. Back up your data.