How is my data encrypted?

Your Confidant database is encrypted at rest using SQLCipher with a key managed by your operating system. Here's what that actually means.

The database

All your structured data — patients, sessions, transcripts, notes, settings — lives in a single SQLite database file inside Confidant's data folder.

That file is encrypted using SQLCipher, an extension to SQLite that applies AES-256 in CBC mode to every page of the database. SQLCipher is widely used in apps that handle sensitive data on disk.

If someone copies the database file off your machine — say, by plugging in an external drive and grabbing it — they get a file full of unreadable encrypted bytes. Without the encryption key, there's nothing they can do with it.
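An added check, not part of Confidant or this article, that shows what "unreadable encrypted bytes" looks like in practice: a plaintext SQLite file carries a fixed 16-byte header and opens with any SQLite client, while a SQLCipher file begins with a random salt and is rejected by a client that has no key. The encrypted sample is constructed from random bytes so no SQLCipher library is needed, and the file name and location are not Confidant's own.

```python
import math, os, sqlite3, tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # header of every plaintext SQLite file

def is_plaintext_sqlite(path):
    # A SQLCipher file starts with a 16-byte random salt, not this header.
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC

def first_page_entropy(path, page_size=4096):
    # Shannon entropy in bits/byte of the first page; near 8.0 for ciphertext.
    with open(path, "rb") as f:
        data = f.read(page_size)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def readable_without_key(path):
    # Stdlib sqlite3 has no SQLCipher; an encrypted file must be rejected.
    con = sqlite3.connect(path)
    try:
        con.execute("SELECT name FROM sqlite_master").fetchall()
        return True
    except sqlite3.DatabaseError:  # "file is not a database"
        return False
    finally:
        con.close()

def audit(path):
    return {
        "plaintext_header": is_plaintext_sqlite(path),
        "readable_without_key": readable_without_key(path),
        "entropy": round(first_page_entropy(path), 2),
    }

def run_demo():
    # Constructed samples: a real plaintext SQLite DB and random bytes standing
    # in for a SQLCipher file (salt + ciphertext pages), built in a temp dir.
    with tempfile.TemporaryDirectory() as d:
        plain, enc = os.path.join(d, "plain.db"), os.path.join(d, "encrypted.db")
        con = sqlite3.connect(plain)
        con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("INSERT INTO notes (body) VALUES ('session transcript')")
        con.commit()
        con.close()
        with open(enc, "wb") as f:
            f.write(os.urandom(4096))  # what an encrypted first page looks like
        return {"plain.db": audit(plain), "encrypted.db": audit(enc)}

if __name__ == "__main__":
    print(run_demo())
```

Run `audit()` against your own database file to confirm it shows no plaintext header, is rejected without a key, and has near-8.0 entropy.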

Where the encryption key lives

The key is stored in your operating system's secure credential store:

  • macOS — Apple Keychain Services
  • Windows — Credential Manager (DPAPI-protected)

Both of these are designed for storing high-value secrets like login passwords. They're protected by your OS user account password and (on supported Macs) the Secure Enclave.

This means the key never touches the database file itself, never lands in any settings file, and isn't recoverable just by reading bytes off your disk. To decrypt the database, an attacker would need both the database file and access to your unlocked OS user account.

What about the audio recordings?

Audio files (the actual .wavs captured during sessions) are stored in the same data folder but are not currently file-level encrypted. They live behind your operating system's user account permissions — another OS user on the same machine generally cannot read them — but a determined local attacker with admin access could.

If this matters for your threat model, your options are:

  • Use full-disk encryption on your Mac (FileVault) or Windows (BitLocker) — most modern setups have this on by default
  • Store your home folder on an encrypted external drive
  • Delete recordings after a session is finalized (a future Confidant setting will automate this)

What about backups?

If you back up your computer with Time Machine or Windows Backup, the encrypted database file is backed up as-is. The OS keychain entry (the key) is also backed up by macOS as part of your iCloud Keychain or Time Machine — Windows backups behave similarly. So a restore on the same user account will work.

A restore on a different user account won't: the keychain entry is tied to the specific user. This is by design — it means a stolen backup can't be unlocked from a different machine without your OS password.

What if I forget my OS password?

If you can't unlock your OS user account, neither can Confidant. Your data is unrecoverable in that scenario. Treat your OS password the same way you'd treat the master key to a filing cabinet.
