Connections
Share vault data with people and organizations you trust — under rules you control.
What Is a Connection?
A connection is a one-to-one link between your vault and another BoxOwl user or organization. Each connection records:
- Who — the other party's handle or organization slug.
- Type — family, friend, coworker, partner, or other.
- Trust level — restricted, standard, trusted, or intimate. Determines what they can see by default.
- Override list — per-category opt-in or opt-out on top of the trust-level default.
A connection is symmetric in existence but asymmetric in visibility: both parties see each other as connected, but each side controls what the other can read. Your trust level for them does not have to match their trust level for you.
Adding a Connection
From the Connect tab, tap Add Connection. Four options appear:
- Scan QR Code — fastest path when you are physically with the person. They open their BoxOwl QR card, you scan, you both confirm.
- Search by Handle — find someone by their
@handle. Sends a connection request the other side must accept. - Find Organizations — browse organizations on BoxOwl that accept consumer connections (e.g. for prescription pickup, loyalty programs).
- Groups — bundle existing connections to share with multiple people at once (see below).
All inbound requests appear in Connect > Incoming Requests. Nothing is shared until you accept.
Trust Levels
Trust level is the coarse-grained switch that controls how much of your vault a connection sees:
| Level | Typical default categories | Use case |
|---|---|---|
| Restricted | Public profile only — handle, display name, avatar. | Acquaintances, one-off contacts. |
| Standard | Add: primary email and phone. | Most friends, coworkers. |
| Trusted | Add: address, work history, social links. | Close friends, immediate family. |
| Intimate | Add: anthropometrics, dietary preferences, emergency contacts. | Spouse, parents, primary caregiver. |
Set defaults per connection type (family / friend / coworker / partner / other) in Connect > Settings > Default Trust Levels. You can still override any default for any single connection.
Payment methods and secure notes are end-to-end encrypted. They are never shared via trust level — sharing those requires explicit per-record action.
Per-Category Overrides
Open any connection and tap the category list to override the trust-level default. Each row offers three options:
- Hide — this connection cannot see this category, even though their trust level allows it.
- Use default — inherit from the trust level (recommended).
- Share — this connection can see this category, even though their trust level would not allow it.
Overrides are evaluated server-side at read time, so a change is reflected for the other party on their next refresh.
Groups
A group is a saved bundle of connections. Use groups when you want to share a one-off field with several people at once without changing each connection individually.
Example: a "Travel partner" group containing your spouse, your parents, and a designated emergency contact. Sharing a flight itinerary with that group reaches all three without you re-selecting each name.
Create groups via Connect > Add Connection > Groups > Create Group. Member changes apply immediately to anything currently shared with the group.
Sharing Dashboard
Reach the Sharing Dashboard via Connect > Settings > Sharing Dashboard. It is a category-by-category audit of who currently sees what across all your connections.
For each category (address, phone, work history, etc.) you see:
- The list of connections that can read it right now.
- Whether each one sees it via trust level, per-category override, or group inclusion.
- A one-tap "Revoke" action that demotes the connection or sets a Hide override for that category.
This is the right place to start when you want to audit your exposure before sharing something new.
Smart Headers and the Browser Extension
Connections also gate what the BoxOwl browser extension is allowed to send via Smart Headers to organizations whose sites you visit. The toggle lives at Connect > Settings > Extension Sharing.
Demographic data (name, age, location) is off by default. When enabled, you can blocklist specific sites so the extension stays silent there even though sharing is generally on.
Revoking a Connection
Open the connection from the Connect tab, scroll to the bottom, and tap Remove Connection. Both sides see the connection disappear within their next sync.
Revoke is immediate but not retroactive: data the other side has already cached on their device is not deleted. For sensitive items that you regret sharing, rotate the underlying value (e.g. change phone numbers, revoke an OAuth token).