Encrypted sync in Pro

Encrypted Sync in Pro for Local-First Weekly Planning

WeekFlux is a local-first weekly planner. Encrypted sync is an opt-in Pro feature that carries your plan between devices with planner data encrypted before upload.

WeekFlux keeps your tasks, time blocking, focus sessions, habits, notes, weekly review, and work and private spaces on your device by default. That local-first foundation is what makes the planner fast and dependable offline.

Encrypted sync is for the moments you want the same plan on more than one device. It is a Pro feature you opt into, and it is built so that planner data is encrypted on your device before anything is sent.

Written by
WeekFlux
Product team
Updated
June 2026
Guide for calm weekly planning
Checked for
Product details, privacy wording, and visible WeekFlux features.

A Pro-gated, opt-in feature

Encrypted sync is part of WeekFlux Pro, and it is off until you turn it on. Local-first remains the default for everyone, so the planner works fully on a single device without sync.

Because it is opt-in, you decide if and when your plan leaves your device. Choosing not to enable sync changes nothing about how the local planner behaves.

Opt-in setup

When you enable sync, you protect encrypted sync with a password. From that password WeekFlux derives an encryption key locally, using PBKDF2-HMAC-SHA-256 at 600,000 iterations, so the work of turning your password into a key happens on your device.

At setup you also receive a one-time recovery key. It is a backup way to recover encrypted synced data if you ever forget your password, so store it somewhere safe and separate from the device.

Inside encrypted sync

Encrypted sync uses standard cryptography from the browser's native Web Crypto API, not homegrown algorithms. A single random data key encrypts your planner, and that data key is then wrapped separately by your password, your recovery key, or a passkey — an approach called envelope encryption. This is what lets you change your password without re-encrypting everything.

At a glance

  • AES-256-GCM authenticated encryption for your planner data.
  • Keys derived with PBKDF2-HMAC-SHA-256 at 600,000 iterations.
  • A unique salt and a fresh IV for every encrypted item.
  • Envelope encryption: a random data key wrapped by password, recovery key, or passkey.
  • Planner data is encrypted before upload.
  • The app rejects any attempt to upload unencrypted planner data.

Device-to-device sync

Once sync is on, your encrypted plan moves between your devices: start on the desktop, continue on mobile, and the changes follow. Everything is encrypted locally before it is sent and decrypted only on a device that holds your key.

On supported devices you can unlock with a passkey or biometrics through the WebAuthn PRF extension, so the unlock secret never leaves the device. A configurable auto-lock clears the key from memory after a period of inactivity, which is useful on shared or mobile devices.

Wrong-password safety

Entering the wrong password simply fails to decrypt — it does not delete or corrupt anything, and your local data stays intact.

The trade-off is real and worth stating plainly: if you lose both your password and your recovery key, encrypted synced data may not be recoverable. Keep your recovery key somewhere safe and separate from the device.

Local-only fallback and backups

Sync is always optional. If you go offline, WeekFlux falls back to local-first so you can keep planning, and changes reconcile when you reconnect. If you later disable sync, your local data stays on the device untouched.

Backups and exports remain available regardless of sync, and encrypted backups use the same encryption scheme. Your data stays portable whether or not you ever turn sync on.

FAQ

Is encrypted sync required to use WeekFlux?

No. WeekFlux is local-first by default, and encrypted sync is an opt-in Pro feature. The planner works fully on a single device without ever enabling sync.

What does encrypted before upload mean here?

It means planner data is encrypted on your device before sync sends it. The local-first planner remains available without enabling sync.

What encryption does sync use?

Encrypted sync uses AES-256-GCM via the browser's Web Crypto API, with keys derived using PBKDF2-HMAC-SHA-256 at 600,000 iterations and a unique salt and fresh IV per item. A random data key encrypts your planner and is wrapped separately by your password, recovery key, or passkey.

What happens if I type the wrong password?

Nothing is lost locally. Entering the wrong password simply fails to decrypt, and your local data stays intact. If you lose both your password and your one-time recovery key, encrypted synced data may not be recoverable.

Plan on every device, encrypted end to end.

Encrypted sync is part of WeekFlux Pro. Start with the local-first planner, then opt in to cross-device sync at founder pricing during the beta.