Privacy & Security

BaseLayer uses zero-knowledge architecture. Your data is encrypted before it leaves your device. We can’t read it on our servers.

Encryption at rest

Your local knowledge vault is encrypted using SQLCipher, an encrypted extension of SQLite. All entities, relationships, and conversation data are stored encrypted on disk.

Encryption in transit

When data syncs between devices or passes through our servers, it’s encrypted with AES-256-GCM using keys derived from your passphrase. Encryption happens on your device before transmission. Our servers only see encrypted blobs. We can’t decrypt your data.

Key management

Your vault encryption key is derived from your passphrase using PBKDF2 with 600,000 iterations. The passphrase never leaves your device and is never transmitted to BaseLayer servers.

BaseLayer cannot recover your passphrase. If you lose it, your vault cannot be decrypted. Store your passphrase in a password manager.

What BaseLayer servers see

Data	Visible to BaseLayer?
Conversation content	❌ No (encrypted)
Entity names and content	❌ No (encrypted)
Relationships	❌ No (encrypted)
Your email address	✅ Yes (for authentication)
Device metadata	✅ Yes (device name, OS version)
Usage telemetry (if opted in)	✅ Yes (feature usage, error rates)

Chrome extension privacy

The Chrome extension only activates on supported AI sites (Claude, ChatGPT, Gemini, OpenRouter, Open WebUI). It does not:

Track your browsing history
Read content on non-AI sites
Transmit unencrypted conversation data
Store data outside your local vault

Local-first architecture

BaseLayer works offline. Your vault is stored locally, and all search and recall operations happen on your machine. Internet is only needed for:

Account authentication
Multi-device sync (encrypted relay)
Remote MCP connections (Claude.ai, ChatGPT)

Open security model

We believe security should be transparent. For a detailed technical writeup of our security architecture, see our security whitepaper.

Reporting vulnerabilities

If you discover a security vulnerability, please email security@baselayer.id. We take all reports seriously and will respond within 48 hours.

Getting Started

Desktop App

Help

Privacy & Security

Privacy & Security

Encryption at rest

Encryption in transit

Key management

What BaseLayer servers see

Chrome extension privacy

Local-first architecture

Open security model

Reporting vulnerabilities

Getting Started

Desktop App

Help

​Privacy & Security

​Encryption at rest

​Encryption in transit

​Key management

​What BaseLayer servers see

​Chrome extension privacy

​Local-first architecture

​Open security model

​Reporting vulnerabilities

Privacy & Security

Encryption at rest

Encryption in transit

Key management

What BaseLayer servers see

Chrome extension privacy

Local-first architecture

Open security model

Reporting vulnerabilities