Last Updated: February 7, 2026
FlashMesh uses standard AES-GCM 256-bit encryption. All cryptography happens locally on your computer (via the Desktop Engine) or within your browser's private context (via Web Crypto API). FlashMesh never receives your unencrypted data.
Your encryption keys are derived using PBKDF2 with 200,000 iterations. While robust against brute-force, the security of your data depends entirely on the strength of your Master Password.
Since FlashMesh stores chunks on Google Drive and Dropbox, their service availability is outside our control. If these providers delete your "FlashMesh" system folder, your data will be lost. We recommend maintaining a local backup of critical files.
While we obfuscate our web-client code to prevent casual scraping, any determined party can inspect the logic running in their own browser. We provide this software for transparency, but use in high-stakes environments is at your own risk.