Your passkey unlocks your account key.
IndividuateAI uses passkeys rather than passwords. A synced Apple passkey can store access to the account key using WebAuthn largeBlob, with a PRF-based wrap retained as a fallback where supported.
Privacy & security
We encrypt what we can, minimize what the server holds, and explain the moments when an AI provider must process your words.
IndividuateAI uses passkeys rather than passwords. A synced Apple passkey can store access to the account key using WebAuthn largeBlob, with a PRF-based wrap retained as a fallback where supported.
Sensitive account content is encrypted with a per-user data-encryption key. The SQLite database is encrypted again at rest with SQLCipher.
A separate recovery key can unlock your account if your passkeys are unavailable. If every passkey and the recovery key are lost, we cannot restore the account.
Encryption at rest cannot hide content while an AI model is actively processing it. Requests are routed to providers configured for zero-retention handling by default, but this remains an external processing boundary.
Speech recognition and synthesis use Deepgram’s EU endpoints. Audio and text must be processed long enough to perform the requested transcription or playback.
The application source is published under AGPL-3.0. You can inspect how authentication, encryption, memory and provider routing are implemented.
Inspect the source code →The honest boundary
When you send a message, the application server briefly needs access to the unlocked account key, and the selected AI provider needs the message content to produce a response. Background memory extraction also processes relevant conversation text.
Do not put information into any AI service that you cannot accept being processed by its infrastructure. For needs requiring professional confidentiality, speak with a qualified human therapist under the rules that apply where you live.