Every privacy policy says something like "your data is secure." Almost none explain what that means technically. Sometimes it describes a database sitting on your phone. Sometimes it describes an encrypted file on a server you've never seen. Two entirely different setups, one reassuring sentence. Here's what "on-device" requires, so you can check for yourself instead of taking a company's word for it.

Three different things people mean by "your data is safe"

Encrypted-in-transit. Data still leaves your device and lives on a server, just protected while traveling between the two. This is the bare minimum most apps do. It says nothing about who can read your data once it arrives.

Encrypted-at-rest. Data lives on a server, but scrambled so the company hosting it can't easily read it. Better. But the data has still left your device, and you're trusting an encryption implementation and a key-management setup you can't inspect.

On-device, or local-first. Data never leaves your device in the first place. No server is involved unless you explicitly turn on a sync or backup feature. This is the only version where "your data is private" doesn't rely on trusting a company's policies, because the data was never there to trust them with.

CLOUD-BASED APP Phone Server data sent data returned LOCAL-FIRST APP Phone data nothing leaves the device

A cloud-based app round-trips data through a server on every use. A local-first app never sends it anywhere unless you turn a sync feature on yourself.

How to check if an app is local-first

  • Turn off your phone's internet connection. Then use the app's basic features: add a note, mark a habit complete. If it stops working, or a note fails to save, some part of it needs a server no matter what the marketing says.
  • Check whether the app works before creating an account. A mandatory sign-in screen before you've typed a single word is a strong signal cloud storage is required, not optional.
  • Read the permissions list. An app requesting "Internet access" as a required permission for a note-taking or habit app is telling you something.
  • Look for the specific phrase. "Local storage only" or "no cloud sync." Not "encrypted" or "secure," which don't rule out a server at all.

Why this matters beyond privacy

On-device storage isn't only about hiding data from a company. It also means the app keeps working with no signal: on a plane, underground, in a dead zone. There's no server to go down or get shut off if a company folds. And there's nothing to leak in a data breach, because there's no single database sitting somewhere waiting to be breached.

What this looks like in practice

Kaiyo Notes is built this way. Every note is written to local storage using Android's standard on-device database. Nothing transmits anywhere unless you manually turn on optional Google Drive backup, and that's opt-in per install, not a default.

Common questions

Does "no cloud" mean I can't back up my notes?

It means backup isn't automatic or forced. Kaiyo Notes, for example, offers optional backup you turn on yourself. The app won't do it silently in the background.

If an app is local-only, how do I move notes to a new phone?

Most local-first apps support manual export: a .txt file, a folder of Markdown files, or an optional backup feature you control directly. Local-first apps make this a deliberate action, not an automatic sync.

See how Kaiyo Notes handles this No account, local storage by default, optional backup you control.
See Kaiyo Notes →