Zero-access encryption by design
Your data is encrypted on your device before it ever reaches a server. The server stores only encrypted blobs it can never read.
How encryption works
Graspee uses a client-side key hierarchy. Your password and a random salt are run through PBKDF2 with 200,000 iterations to derive a Key Encryption Key (KEK). The KEK encrypts a randomly generated Data Encryption Key (DEK). The DEK encrypts all your data using AES-GCM-256. Your password never leaves the browser.
What zero-access means
The server never sees your plaintext data, your password, or your encryption keys. Even with full database access, the server operator cannot read your notes, tasks, transactions, or any other content. If you enable sync, the server relays encrypted blobs between your devices but cannot decrypt them.
Session security
Your DEK is encrypted under a temporary Session Wrapper Key stored in sessionStorage. It survives page refreshes but is cleared when you close the browser. Sessions use HttpOnly cookies with SameSite and Secure flags. CSRF protection is enforced via origin checking. Rate limiting protects authentication endpoints.
Sync encryption
Cloud sync uses Yjs CRDT documents encrypted client-side. The WebSocket transport carries only encrypted payloads. State vectors and updates are validated server-side for size but never decrypted. Compaction uses optimistic locking to prevent data loss.
Bank connection security
Plaid access tokens and ownership proofs are stored in your encrypted local shard, never in the server database. The server acts as a pass-through: it relays Plaid API calls and may hold sync payloads briefly in memory, but stores no durable Plaid data. HMAC ownership proofs bind tokens to your account statelessly.