Local-First and Encrypted Privacy Design
In an era where everything lives in the “cloud,” we are accustomed to uploading our diaries, study notes, and important files to the internet. However, this also means that if you lose internet access, face server outages, or if service providers change their policies, your digital assets can suddenly become inaccessible.
Easchi chooses a different path. From the very beginning of our architectural design, we established local-first and privacy-focused as our core principles. We do not hold your data, and any cloud transit remains strictly encrypted—we are simply building a lock and a secure room for you.
Data Backup and Recovery
⚠️ Warning: After setting your password, please make sure to back up your configuration files. If you only have the password without the original configuration files, your data cannot be recovered.
To restore your data on a new device, you will need both your password and your configuration files to decrypt it properly.
Here are the specific steps:
- Immediately after opening the app for the first time and setting a password, back up all files in the configuration directory.
- When using a new device, you can initially set any password. Once unlocked, check the path of the configuration directory in the settings.
- Delete the files in this new directory, and place your previously backed-up configuration files into it.
- Restart the app and enter your original password.
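A sketch of why the restore steps above need both the password and the backed-up configuration files, added here as an example and not Easchi's own code. The page does not document what the configuration files contain, so this assumes they hold a random per-install salt and a key-check value and that the key is derived with scrypt; `derive_key`, `new_config`, `unlock` and `restore_demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed model, not Easchi's documented format: the configuration holds a
# random per-install salt and a key-check value; scrypt stretches the password.
KDF_PARAMS = {"n": 2**14, "r": 8, "p": 1}
CHECK_LABEL = b"key-check-v1"  # hypothetical constant


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password with scrypt; the salt makes the key install-specific."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32, **KDF_PARAMS)


def new_config(password: str) -> dict:
    """What first-run setup would write to the configuration directory."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, salt)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "key_check": check}


def unlock(password: str, config: dict) -> Optional[bytes]:
    """Return the data key, or None if the password does not match this config."""
    key = derive_key(password, bytes.fromhex(config["salt"]))
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).hexdigest()
    return key if hmac.compare_digest(check, config["key_check"]) else None


def restore_demo() -> dict:
    """Walk the restore steps with constructed sample values."""
    original_password = "correct horse battery staple"  # constructed sample
    backed_up = new_config(original_password)  # old device: config that was backed up
    old_key = unlock(original_password, backed_up)
    fresh = new_config("temporary")  # new device: any password, new salt
    same_pw_fresh_cfg = derive_key(original_password, bytes.fromhex(fresh["salt"]))
    return {
        "password_alone_recovers_key": same_pw_fresh_cfg == old_key,
        "fresh_config_accepts_original_password": unlock(original_password, fresh) is not None,
        "restored_config_recovers_key": unlock(original_password, backed_up) == old_key,
        "restored_config_wrong_password": unlock("temporary", backed_up) is not None,
    }


if __name__ == "__main__":
    for name, value in restore_demo().items():
        print(f"{name}: {value}")
```

Under this model the original password combined with a freshly generated configuration yields a different key, which is why the new device's configuration files are replaced with the backup before the original password is entered.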
🔒 What is “Local-First”?
Simply put, your data is stored on your own device. To guarantee your absolute sovereignty over your data, Easchi follows extremely strict local data storage standards:
- No Internet Required, Fully Independent: Even without a network connection—whether you are on a high-speed train, a flight, or in a remote mountainous area—you can still seamlessly read, edit, and review all your content.
- No “Data Hijacking”: Your notes will never be locked into a proprietary software format. All extra data, metadata, and configurations generated while Easchi is running are stored in a highly readable, plain-text format under your local user documents directory.
- Lightweight Data & Records: Depending on the specific use case, data is stored in .toml, .tsv, or .jsonl formats. You can fully export or back them up anywhere at any time.
- Database Acceleration: To ensure a smooth experience for users with large volumes of data, enabling database acceleration significantly speeds up queries when your notes and cards reach tens of thousands. The database acts solely as a local cache accelerator for mapping relationships and retrieval, while the core source files remain independent local files.
- Uncompromising Privacy: Your knowledge, thoughts, and privacy stay strictly on your own screen. When syncing data, it is encrypted on your device before being uploaded and stored in ciphertext form.
🛠️ Three-Tiered Defense: Hierarchical Encryption System
To handle various life and work scenarios, all of Easchi’s encryption actions are executed directly on your local device. The system derives high-strength underlying keys from the strong password you set, providing three levels of encryption protection:
1. Single-File Encryption — For Sensitive Content
Allows you to individually encrypt specific sensitive notes (such as diaries, account passwords, or business secrets) within your user directory. Before decryption, external tools cannot read their content.
2. Entire Directory Encryption — Building a Comprehensive Defense
Fully encrypts all notes, image attachments, and card metadata within your designated workspace directory, turning them into a pile of indecipherable code.
3. Filename Encryption — Absolute Invisibility
Sometimes, hiding the content isn’t enough; file titles (such as “2026 Year-End Financial Report”) can also compromise your privacy. Easchi supports filename encryption.
- After encryption, the filenames on the disk will turn into meaningless characters like 018f3d1a-5b7c-7000-8000-000000000001.
- The underlying mapping data of the real filenames is securely processed automatically by Easchi within an encrypted sandbox, ensuring absolute anonymity at the storage layer.
💡 Scenario: In the system’s file manager, outsiders will only see a pile of scrambled code that offers no entry point. They won’t be able to find any trace of your files by searching for keywords, achieving true “total invisibility.”
⚠️ Password Security Warning: Because Easchi strictly adheres to the principle of data localization, your password has never been, and will never be, uploaded to any server. It exists solely in your mind and on your local device. Please be absolutely sure to keep your password and configuration files safe. Once lost, locally encrypted data can never be recovered.
🛡️ Advanced Security and Multi-Workspace Support
External Link Sandbox Security Policy
Knowledge management inevitably requires referencing or visiting external web pages. To address this, Easchi establishes an extremely strict security boundary:
- Authorized Pop-up Prompts: Any request for an external link that leaves the safety boundary of the current workspace will trigger a system-level pop-up. The connection will only proceed after your explicit authorization.
- Plugin Security Restrictions: Writing and running plugins using dangerous statements is strictly prohibited.
Q: Will local-first affect my multi-device synchronization?
A: No. Easchi features a built-in synchronization mechanism optimized for massive amounts of cards, allowing you to sync data just like any other cloud software. The difference is that your data is encrypted locally before it leaves your device. During transmission, anyone intercepting it will only see encrypted fragments. Your data will only be securely decrypted once you correctly restore it on another device.
⚖️ Our Commitment: Technology should be used to better protect individual independence, rather than becoming a shackle that restricts freedom. Here, you possess absolute, unshakeable sovereignty over your own data.