Privacy
Last updated: April 2026. Adjust this page to reflect the actual posture of your deployment.
Where your data lives
Vita stores all habits, observations, profile information, and settings inside your browser’s Origin Private File System (OPFS). The encryption keys that protect that data live in IndexedDB. Both are scoped to the origin you visit and isolated from other websites.
What the optional relay sees
If you opt in to multi-device sync via /settings/sync, your devices push encrypted change records to a relay you point them at. The relay observes:
- your account ID and device IDs (UUIDs);
- your device labels (e.g. “Pixel 8”);
- per-document “stream IDs” that are HMAC-SHA256 of doc names under a key only your devices share;
- opaque ciphertext for each change, plus its timing and length.
The relay never sees the plaintext content of habits, categories, observations, your name, or any other information sealed inside the ciphertext. The contents are encrypted with XChaCha20-Poly1305 under a 256-bit master key that is generated on your device and never leaves it in cleartext.
Pairing additional devices
When you pair a new device, the master key is transferred between devices over an ephemeral X25519 ECDH channel. The relay forwards the sealed payload but cannot decrypt it.
What we don’t do
- No analytics, telemetry, or third-party trackers.
- No advertising network integrations.
- No selling, sharing, or licensing of your data to anyone.
- No accounts created on your behalf with third-party providers.
What you can do
- Export or wipe your local data at any time via the
/recoverypage. - Disconnect from the relay via
/settings/sync. Your local data stays intact; only future sync stops. - Self-host the relay so you control the metadata it can see.
Limitations
Local-first cryptography cannot protect against a compromised device, browser, or operating system. If your machine is compromised, your data is at risk regardless of what Vita does. The relay’s metadata (timing and event sizes) can also be subject to traffic analysis.