Skip to content

Guide

How encrypted mobile sync works in FolioInsights

Encrypted mobile sync is currently in beta for allowlisted paid accounts, but the security model is public. Your DeGiro transactions are encrypted in your browser, and the sync database stores ciphertext only.

Last updated: · by FolioInsights

Short version: FolioInsights mobile sync encrypts your transactions before they leave your browser. The server stores an unreadable blob plus metadata needed to sync it. Without your master password, a database export does not reveal your trades, holdings, balances, or cost basis.

Availability

Encrypted mobile sync is in beta. The article is public because the design should be easy to inspect, but the product feature itself is still limited to allowlisted paid accounts while we test the device flow, password-change path, and conflict handling.

The normal FolioInsights dashboard still works without sync: your DeGiro account.csv is parsed and stored in this browser. Sync only changes whether an encrypted copy can be pulled onto another device, usually your phone. Live prices and FX rates are separate: the dashboard may request market data for ISINs and currency pairs, but that is not encrypted transaction sync.

What the sync server stores

After you enrol, the sync row is keyed to your email and contains only the pieces needed to store and version an encrypted copy.

  • Your account email, used to find the right encrypted sync row.
  • A ciphertext blob containing compressed transaction data encrypted in the browser.
  • A wrapped data key, which is the random encryption key locked by your master password.
  • Sync metadata such as revision number, update time, rough blob size, envelope version, salt, and IVs.

How the encryption flow works

  1. You choose a master password. It stays in the browser and is never sent to FolioInsights.
  2. The browser derives a master key with PBKDF2-HMAC-SHA256, a random salt, and 600,000 iterations. The delay is intentional: it makes offline password guessing much slower.
  3. The browser generates a random AES-GCM 256-bit data key. This key encrypts your transaction history.
  4. The data key is wrapped with the master key, so a password change can re-wrap a small key instead of re-encrypting the whole history.
  5. The encrypted transactions and wrapped key are uploaded. The server can replace and version the blob, but it cannot decrypt it from the database alone.

Why FolioInsights uses a separate data key

A separate data key keeps password changes fast. Your portfolio history can grow large, but the wrapped key is tiny; changing your master password only re-locks that key.

This is a re-wrap, not full key rotation. A device that already remembered the data key can still decrypt until you use “Forget device” there or disable and re-enrol sync with a fresh key.

What Remember on this device does

Remembering a device trades a password prompt for a local unlock credential. It does not send the device secret to FolioInsights.

  1. The browser generates a random 32-byte device secret and stores it in IndexedDB.
  2. That device secret wraps a local copy of the data key.
  3. On your next visit, the browser can unlock the data key silently until you choose Forget device.

The trade-off: anyone who can use your unlocked browser profile, read same-origin storage, or run script in that browser can unlock the synced copy. Leave Remember on this device off for shared or high-risk devices.

What this protects against

  • Database leaks: the leaked sync row is ciphertext plus a wrapped key, not readable transaction data.
  • Server-side storage access: someone with database access still needs your master password or an unlocked client.
  • Network tampering: TLS protects the transport and AES-GCM authentication detects modified ciphertext.

What it does not protect against

  • Weak master passwords: a short dictionary password can still be guessed offline. Use a long passphrase or a password manager.
  • Compromised devices: malware, a stolen unlocked laptop, or a browser profile leak can expose data after it is decrypted locally.
  • Malicious web app code: like any browser app, FolioInsights must be trusted at the moment you unlock your data.
  • Rollback by the sync service: known devices reject older revisions, but a brand-new device cannot independently know whether the first blob it receives is the newest one.
  • Forgotten passwords: there is no reset button. If FolioInsights could reset the password, the stored blob would not be zero-knowledge.

Specifics for the curious

  • KDF: PBKDF2-HMAC-SHA256, 600,000 iterations, 16-byte random salt.
  • Cipher: AES-GCM-256 with a 12-byte random IV and 128-bit authentication tag.
  • Compression: gzip is applied before encryption to reduce blob size and partially obscure plaintext length.
  • Versioned envelope: every blob carries an envelope version so future clients can support upgraded layouts or algorithms.
  • Implementation: browser-native Web Crypto API, with no third-party crypto library bundled into the client.

How this compares to password vaults

The pattern is similar to tools like Bitwarden and 1Password: a slow KDF turns a memorable password into a key, a random per-vault data key is wrapped under it, and authenticated encryption protects the actual data. FolioInsights applies that pattern to portfolio history instead of passwords.

Encrypted mobile sync FAQ

Can FolioInsights reset my master password?

No. The master password is not stored by FolioInsights, and the server does not have enough information to derive it. Losing it means the synced copy cannot be recovered.

Can FolioInsights decrypt my synced transactions?

Not from the sync database alone. The stored row contains ciphertext and a wrapped key, so decrypting it requires the master password or a client that already has the unwrapped data key.

What does Remember on this device do?

It stores a local device secret in this browser and uses it to unlock a cached copy of the data key. That is convenient, but a compromised unlocked device can decrypt without asking for the master password again.

What happens if I disable sync?

The encrypted blob is deleted from FolioInsights sync storage. Your local browser data is left alone, so the dashboard keeps working on that device.

Can I export my encrypted blob for safekeeping?

Not yet. The current sync feature stores one encrypted blob for device-to-device sync; encrypted blob export is a sensible future addition, but it is not available today.

Is this audited?

No formal audit yet. The core envelope code is intentionally small and uses browser-native Web Crypto primitives, but the feature should still be treated as beta while availability is limited per account.

Ready to try it?

Drop your DeGiro account.csv into the browser. One-time €19, lifetime access, your data never leaves your device.

See FolioInsights