Same Note On Every Device. Keys Stay With You.

Short answer: open Settings, turn on Cloud Sync, set a passphrase you will remember, and AICHE encrypts every note on your device before it leaves. The same notes appear on your other AICHE devices within seconds, and we cannot read any of them on our servers.

The problem this solves

You record a thought on your Apple Watch during a walk, then sit down at a Linux desktop to write, and the note isn't there. The usual fix is to pick a cloud notes app that reads everything you ever wrote, or to give up and email yourself voice memos. Neither feels right when the notes are personal, work-sensitive, or just yours.

How it works

1. Open AICHE on any device and go to Settings, then Cloud Sync. It is off by default. Nothing leaves your device until you turn this on.
2. Toggle Cloud Sync on. AICHE prompts you for a passphrase. This passphrase derives your encryption key via Argon2id (memory=65536 KiB, iterations=3, parallelism=4). It never gets sent to us, and we have no copy of it.
3. Pick a passphrase you can remember and store it somewhere you trust (password manager, paper, your head). If you lose it, your synced notes cannot be recovered by us. That is the design, not an oversight.
4. Repeat the steps on each device you want in sync: iPhone, iPad, Apple Watch, Android, macOS, Windows, Linux. One subscription covers all your devices, up to your plan's device limit.
5. Record a note on any device. AICHE encrypts it locally with AES-256-GCM, then ships the ciphertext to our servers over modern TLS.
6. Your other devices pull the ciphertext, decrypt it with the key derived from your passphrase, and the cleaned-up text appears within seconds.
7. To rotate the passphrase, change it from any signed-in device. Re-enter the new passphrase on your other devices the next time they sync.

Heads-up: sync is opt-in for a reason. If you only use AICHE on one machine and prefer local-only storage, leave it off. The app works fully on each device independently. Cloud sync is the bridge between devices, not a requirement to use the product.

The pro-tip: turn sync on once you have a passphrase you will still remember six months from now. Mid-flow is a bad time to invent one.

What "end-to-end encrypted" actually means here

Most "encrypted cloud" sync means the provider holds a key they could use if subpoenaed or breached. AICHE's model is different in a specific, testable way.

Encryption at rest: AES-256-GCM. Every note is encrypted on your device before it touches the network. The ciphertext is what lands on our servers. The plaintext never does.

Key derivation: Argon2id. Your passphrase runs through Argon2id, a memory-hard key derivation function designed to resist GPU-accelerated brute force. The output is the symmetric key. We do not store the passphrase, the key, or anything that could be used to derive them.

Encryption in transit: modern TLS. Sync traffic moves over modern TLS on iOS, macOS, Windows, and Linux, and over the platform-negotiated TLS (1.3 where the OS supports it) on Android. The iOS and Android apps additionally pin the expected server certificates, which blocks the "rogue CA issues a fake cert" attack that defeats vanilla TLS. Other clients use the platform TLS stack with standard validation.

Recovery: you, not us. If you forget the passphrase, we cannot reset it. There is no "email a recovery link" path. The tradeoff is honest: zero-access on our side means no recovery on our side. You hold the key, or it is gone.

This is the standard for "we built it so we could not read your data even if we wanted to." You should be skeptical of any sync product that markets E2EE while also offering "we will help you recover" - that means they have access.

Cross-platform sync, all seven native targets

Sync covers the full AICHE platform set: iPhone, iPad, Apple Watch, Android, macOS, Windows, Linux. Not a subset, not "mobile mainly, desktop later." All seven.

What this looks like in practice: tap the Watch on a walk, speak a 30-second idea, stop. The Watch records directly to the cloud over its own connection - Wi-Fi, cellular, or paired-iPhone tether. On a cellular Apple Watch (Series 5+ LTE), recording works fully standalone - leave your iPhone at home, run on the beach, the recording uploads from your wrist. The transcript flows through our encrypted pipeline, and within seconds the note appears on your iPhone, your Mac, your Windows work laptop, your Linux dev box, and your Android tablet. You sit down at whichever device is closest and keep going.

The same goes the other direction. Dictate a long meeting summary on a Windows desktop, walk away, pull out your iPhone, and the note is there. The encryption key lives on each device because you typed the passphrase in. The server holds ciphertext only.

One subscription, every device. There is no work-seat / personal-seat split: if you bought AICHE on your work Mac, you can use the same subscription on your home iPhone, an Android tablet, your Linux dev box, and your Windows laptop. Pro covers up to 10 devices. Sign in from any device and manage your active sessions from one dashboard - bought it on iPhone, use it on Mac, on Linux, in Chrome, on Android - one subscription follows you everywhere.

Sign in your way. Apple, Google, GitHub, or an email magic-link - four methods, same account on every platform. On Android, OAuth runs through verified App Links, so you do not get bounced through a browser tab on the way in.

See and revoke any device. The Manage Apps screen on your account dashboard lists every device currently signed in to your account. Lost a phone? Sold an old Mac? Revoke its session in one click and that device drops out of sync.

What is on the server vs. what is on your device

A short, concrete breakdown, because this matters and most marketing pages fuzz it.

On your device, encrypted at rest:

• The plaintext of every note you have recorded, in a database protected by the platform's at-rest encryption (iOS Data Protection on iPhone / iPad, a hardware-bound AES-256 secure store on macOS, equivalent platform mechanisms on Windows, Linux, and Android).
• The encryption key derived from your passphrase, held in memory while the app is open.
• Your custom vocabulary, settings, and the offline / pending-processing queue if any.

On our servers, ciphertext only, when sync is on:

• The AES-256-GCM ciphertext of each synced note.
• The minimum metadata required for sync to function (a note ID, a created-at timestamp, a device ID). The content itself is opaque to us.
• Your account email and subscription state, kept separately from the synced content.

Never on our servers:

• Your passphrase.
• The encryption key derived from it.
• The plaintext of any synced note.
• Audio. Audio is purged immediately after transcription, within 1 second, regardless of sync state.

Passphrase resets are user-controlled

You can change your passphrase from any signed-in device. The change re-encrypts your data with the new key and pushes the new ciphertext up. Your other devices will need the new passphrase the next time they sync.

If you lose the passphrase entirely, the synced data on the server stays ciphertext we cannot read. The fix is to set a fresh passphrase on a device that still has plaintext locally (each device keeps its own copy) and resync from there. If you lost both the passphrase and access to every device that held the plaintext, the data is gone. That is the design.

This sounds harsh until you compare it to the alternative. A "we can reset your password" sync product is, by definition, a sync product where someone other than you can read the data. Pick the model you actually want.

Tips

Pick a passphrase you will remember in a year. A short sentence with personal meaning beats a high-entropy random string you will lose. Argon2id makes brute-forcing expensive; you do not need a 40-character monster.

Store it in your password manager. Treat the AICHE passphrase like the master password for a vault. 1Password, Bitwarden, Apple Passwords, KeePass, whichever you already trust.

Set up sync on day one, not day 90. Once you have hundreds of notes on one device, adding sync still works, but the initial encrypt-and-upload pass takes longer. Day one is cheap.

Combine sync with Apple Watch and the Android widget for true cross-device capture. Watch recordings and widget recordings flow through the same encrypted pipeline. A thought captured on your wrist on a Tuesday walk is on your Linux dev box on Wednesday morning.

Leave sync off if you do not need it. A single-device user with local-only notes gets a strictly smaller attack surface. The product does not punish you for opting out.

Result: notes recorded on any of 7 native AICHE platforms reach your other devices within seconds, encrypted with AES-256-GCM under a key only you can derive, with zero ability for us to read them on our servers.

Try it now: open AICHE Settings, find Cloud Sync, set a passphrase you will remember, and record a 10-second note on one device. Open AICHE on a second device, enter the same passphrase, and watch the note appear.