Security

System architecture

Your data lives on your device first. Our servers only handle and store updates for files you explicitly choose to share, enabling collaboration even when team members are offline. All other files in your Obsidian vault remain private on your device.

Data security

Your data is encrypted in transit and at rest. All data access requires approval and is logged. We don't look at user data, but we could be compelled to by law enforcement (this has never happened).

We don't currently support end-to-end encryption. If you need E2E encryption, we recommend using Obsidian Sync (opens in new tab) instead.

Infrastructure

We use AWS, Cloudflare, and Fly.io for infrastructure and real-time collaboration. We use Sentry for application error monitoring. All infrastructure is monitored and kept up to date with security patches.