All of your account data is encrypted in your local browser and can only be accessed using your Ledger
A passcode and secret code are used together to encrypt/decrypt transactions. Kirobo receives the encrypted transaction for collection and a secret code. A passcode is used in the browser to encrypt the transaction together with the secret code, however, the passcode is not transmitted to Kirobo, preventing Kirobo from decrypting the transaction. When collecting, client enters the passcode, which, together with secret code, forms a key in your browser and transmits to Kirobo. Kirobo tries to decrypt the transaction using this key and publish it on the blockchain. If the passcode was correct, the transaction will be accepted, otherwise, the blockchain will reject the transaction as incorrect. Kirobo doesn’t see the passcode and doesn’t know if you are re-using the passcode (which we strictly advise against).
One should note that cancellation of the transaction is not dependent on anything except a user-initiated action and this can only be done using the wallet from which the original transaction was created.