Skip to main content

Security & Privacy

Details on end-to-end encryption, session timeouts, data export, and account deletion in Sylva.

Your security settings are managed from Settings > Security, where you can control encryption, session behavior, and data exports.

Security settings

Encryption

By default, all your data is encrypted at rest on the server. For additional security, you can enable end-to-end encryption (E2E):

  1. Go to Settings > Security
  2. Enable end-to-end encryption
  3. Sylva generates an encryption key pair — your private key is encrypted with your password
  4. You'll receive a 24-word recovery phrasewrite this down and keep it somewhere safe

Enable end-to-end encryption

With E2E encryption enabled, your messages are encrypted on your device before they're sent to the server. Only you can read them.

Important: If you forget your password and don't have your recovery phrase, your encrypted data cannot be recovered. There is no backdoor.

File Uploads

When you attach a file in a conversation, Sylva uploads it directly from your browser to Supabase Storage — it never passes through an intermediate application server. This matters for two reasons:

  • Privacy — Your file contents aren't routed through additional infrastructure, reducing the surface area where data could be intercepted or logged
  • Reliability — Large files upload more consistently because there's no middleware timeout or request-size limit in the path

Once the upload completes, Sylva creates the attachment record, generates a signed URL, and — depending on the file type — automatically extracts text or generates an image description so the content is searchable in your conversations.

Session Timeout

Control how long Sylva stays unlocked after you stop using it. Options:

  • 15 minutes, 30 minutes, 1 hour, 4 hours, 8 hours, or never

Configure in Settings > Security.

Session timeout setting

Exporting Your Data

You own your data. Export everything at any time:

Export your data

  1. Go to Settings > Security
  2. Click Export Data
  3. Choose your format:
    • JSON — Machine-readable, good for backups or moving to another system
    • Markdown — Human-readable, great for personal archives
  4. Your data downloads to your device

Deleting Your Account

You can permanently delete your account and all associated data from Settings > Account. This removes everything — threads, messages, tasks, meetings, files, and settings. This action cannot be undone.

Was this helpful?