Privacy & Encryption
How to protect your data with AES-256-GCM end-to-end encryption
CaliMoney offers optional AES-256-GCM encryption to protect your data in the cloud. The key is derived from your passphrase via PBKDF2 (100,000 iterations, SHA-256) and never leaves your device.
How it works
- Movements are encrypted locally before being uploaded to Firestore.
- Only someone who knows the passphrase can read the data.
- Firebase and anyone with database access sees only unreadable encrypted data.
- The key is kept in memory for the session; closing the tab or app clears it.
Enabling encryption
Go to Settings → Privacy.
Tap Enable encryption.
Choose a strong passphrase and enter it twice to confirm.
Tap Save. All new movements will be encrypted.
Save your passphrase somewhere safe. If you lose it, data in the cloud becomes unrecoverable. CaliMoney cannot reset the passphrase for you.
Unlocking the app
When you open CaliMoney with encryption enabled, you will see the unlock screen. Enter your passphrase to decrypt data and access the app.
Disabling encryption
Go to Settings → Privacy.
Tap Disable encryption.
Enter your current passphrase to confirm.
Movements are re-synced to the cloud in plaintext.
Encryption indicators
| Icon | Meaning |
|---|---|
| 🔒 green (header) | Encryption active in this session |
| 🔓 red (header) | Encryption disabled |
| 🔒 per movement | That movement is saved encrypted in the cloud |
Encryption requires a secure context (HTTPS or localhost). In HTTP development, the feature shows a notice instead of crashing.