The promise
What the design protects
A stolen database, disk, or backup should not reveal your conversations or saved memories. A compromise of the server while you are offline should not expose the key needed to decrypt your account.
No master content key
Each account has its own random 256-bit data-encryption key. We do not retain a universal key that can unlock everyone’s content.
Encrypted at two layers
The SQLite database is encrypted at rest, and sensitive content is separately encrypted with your account’s own key.
Small active window
Your key reaches the server inside your encrypted session cookie and remains in memory only briefly while active requests and background memory work finish.
Inspectable implementation
The application is open source, so these claims can be checked against the code rather than accepted as marketing language.
The limits
Where encryption cannot help
We want the boundary to be explicit. The model must receive readable conversation text to respond. A root attacker controlling the live server could also capture the keys and content of people actively using it during that compromise.
Saved conversations, memories, maps, databases, disks, and backups.
The live server and chosen AI provider must process readable content.
It changes the risk from “every user, at any time” to “active users during the compromise window.” Provider exposure is controlled through zero-retention routing and contractual safeguards, not end-to-end encryption.
Encryption
Three layers between data and disclosure
- 1
Database encryption
SQLCipher encrypts the complete SQLite database on disk. The deployment key lives in the protected server environment, not in the repository.
- 2
Per-user content encryption
Messages, memory fragments, embeddings, episodes, relationship profiles, and graph labels are encrypted again with XChaCha20-Poly1305 under your account’s unique key.
- 3
Encrypted recall
Embeddings are decrypted only in memory for your own searches. This avoids keeping a plaintext vector index that could reconstruct sensitive text.
Passkeys & recovery
Your credentials unlock your key
Authentication is passkey-only. A passkey seals a copy of your account key using WebAuthn PRF or, for supported Apple passkeys, synced largeBlob storage. Your recovery key seals another independent copy.
If you lose every passkey and your recovery key, the encrypted content cannot be recovered by us. Any recovery mechanism we controlled would also be a mechanism capable of bypassing your encryption.
After sign-in, the unlocked account key travels inside the encrypted authentication cookie so you can stay signed in without repeatedly entering a PIN. Short PINs are not used because they can be brute-forced offline.
AI & voice providers
What leaves the application
Language models
Conversation context is routed through OpenRouter with data collection denied, restricting requests to providers that do not retain prompts or use them for training.
Voice transcription
Voice recordings are processed by Deepgram within the European Union only to provide transcription. Every request opts out of Deepgram's model improvement program; Deepgram states that opted-out content is retained only for the time required to process the request.
Spoken responses
Text sent for speech generation is processed by Deepgram within the European Union only to provide speech synthesis, with the same model-improvement opt-out and processing-duration retention. Generated audio is streamed into browser memory and is not written to your database.
Operational safeguards
Security also depends on operations
- Secrets and API keys live in the deployment environment and are never committed.
- Authentication cookies are encrypted and require a strong server secret.
- Every memory, graph, session, and streaming request is scoped to the authenticated user.
- Conversation content is excluded from application logs.
- Authentication endpoints are rate-limited.
Do not take our word for it
Inspect the implementation.
IndividuateAI is open source. The security architecture can be read, questioned, and improved in public.