We can't decrypt your data. Nobody can.

Afina has no physical way to read your sensitive data. On first launch a secret key is generated on your device — it seals cookies, vault secrets and account variables before they ever touch disk or the cloud. The key itself is encrypted with your master password, which you remember rather than store on the device. Without the master password nobody, including us, can decrypt your data.

There's no recovery — we don't keep a copy of your password and have no way to decrypt your secret key. A reset just wipes the encrypted blobs. Same model as non-custodial crypto wallets: keys and the responsibility for storing them sit with the user. Keep a backup of your master password in a password manager or a trusted offline place.

The key lives locally on your device, encrypted with your master password. Afina's cloud sync is fully optional — you can keep everything local or plug in your own Google Drive as a backup store. Either way the cloud sees only sealed blobs; without your master password they can't be decrypted.

Yes. Every extension, RPA script and Node.js module carries an Ed25519 signature over an md5 manifest of all files. The executor verifies the signature before each run — if even one byte has changed, execution refuses. This protects against supply-chain swaps and accidental artifact corruption.

No — we hold neither your key nor your master password, so there's nothing to decrypt with. We can hand over the sealed blobs we host in the cloud (if you enabled sync), but without your master password they're cryptographically useless. This is enforced by architecture, not by policy.

On every device you enter the same master password — it decrypts your secret key, which was generated once at first signup. Sealed blobs transit through the Afina cloud or your Google Drive as ciphertext; the key and the master password never travel over the network.