Your data lives on your device. Encryption activates automatically. No server ever sees plaintext.
Every piece of user data starts and stays on the device. The SDK uses WatermelonDB backed by IndexedDB in the browser and SQLite on mobile. Each wallet address gets its own isolated database instance.
Media files use the browser's Origin Private File System, a sandboxed filesystem that other web pages cannot access. Nothing is sent to a server unless you enable cloud backup.
Sensitive content is encrypted — metadata needed for queries stays in plaintext. Your encryption key is derived from your wallet signature using 256-bit AES-GCM. Keys exist only in memory and are never written to disk.
Each encrypted value is version-prefixed (enc:v3:) so encrypted and plaintext data coexist seamlessly. Domain separation ensures distinct keys across applications.
Open source models do not retain your data or use it for training. Closed source models may retain data according to their own policies.
Because of this, open source models can access all your memories. Closed source models can only access memories from closed source conversations — unless you explicitly share specific memories with them through My Memory.
Cloud backup is completely opt-in. When enabled, your data is encrypted with your wallet-derived key and verified with a SHA-256 checksum before anything leaves your device. Anuma stores only the encrypted result on Cloudflare R2 — even a full server compromise yields nothing readable.
Delta sync means only changes are uploaded, not your entire history every time. You choose exactly what gets backed up and where it's stored.
Your encryption key is derived from your wallet each time you open Anuma. It lives in memory for the duration of your session and is cleared the moment you close the page. It is never saved to disk, never sent to a server, and never held by Anuma.
There is no escrow, no recovery mechanism, and no backdoor. If you lose your wallet, your encrypted data is gone. That's the point — no one else can ever access it.
Five layers protect your data at every level of the stack.
| Layer | Protects against | Implementation |
|---|---|---|
| Local-first storage | Server-side data breaches, central database compromise | WatermelonDB + IndexedDB/SQLite, per-wallet isolation |
| Field-level encryption | Local device access, browser devtools inspection | AES-GCM-256 with HKDF-derived keys, version-prefixed |
| Memory separation | Data retention and training by closed source providers | Open source: full memory access, no retention. Closed source: restricted scope unless user shares |
| Encrypted backup | Cloud storage compromise, provider data access | Client-side encryption before upload, delta sync |
| Session-scoped keys | Post-session device theft, storage-level attacks | In-memory only, cleared on page unload, wallet re-derivation |
How Anuma keeps your data private at every layer.
Anuma uses 256-bit AES-GCM encryption. Keys are derived from your wallet signature using SHA-256 and HKDF with domain separation. Encrypted values are version-prefixed (enc:v3:) so encrypted and plaintext data coexist seamlessly. Encryption happens on your device before data goes anywhere.
No. By default, all data stays on your device. If you opt in to encrypted cloud backup, only encrypted blobs are stored on Cloudflare R2. Anuma cannot read them.
Your wallet is the only key. There is no server-side escrow, no recovery mechanism, and no backdoor. If you lose your wallet, all encrypted data — both local and cloud backups — is unrecoverable. This is by design.
No. Anuma never holds your encryption keys. Data is encrypted on your device before it leaves. Even with full server access, employees cannot decrypt your content.
Open source models do not retain your data or use it for training. Closed source models may retain data according to their own policies. Because of this, open source models can access all your memories. Closed source models can only access memories from closed source conversations unless you explicitly share more through My Memory.
Yes. Backup is opt-in only. Data is encrypted with your wallet-derived key before upload and verified with a SHA-256 checksum. Anuma stores only encrypted blobs on Cloudflare R2 using delta sync. Without your wallet, the data is unreadable.
Local data can be cleared from the app at any time. If you enabled cloud backup, you can delete all encrypted backups from settings. Deletion is immediate and permanent.