Tearleads

Security architecture

Tearleads keeps local keys and encrypted storage on your device. Sync moves ciphertext and signed metadata so the service can keep devices up to date without holding content keys.

Security architecture diagram showing optional PIN unlock, a local keyring, encrypted local SQLite and blob storage in OPFS, and ciphertext-only sync to the Data Persistence API.
  • Device-only keys

    Session keys stay client-side.

  • Encrypted persistence

    Local bytes persist encrypted.

  • Ciphertext-only service

    The server stores what it cannot read.