
Security & Encryption

Monk Portfolio uses modern, well-vetted cryptography to make sure your portfolio data is readable by you and nobody else — not by us, not by a compromised server, not by a future employee, not by anyone who intercepts network traffic.

TL;DR
Your portfolio is encrypted with AES-256-GCM using a key derived from your device's biometric passkey. The key never leaves your device, and the server only ever sees an opaque encrypted blob. A wrong passkey gives a clear error, never garbage data.

What gets encrypted

When encryption is enabled, every meaningful unit of data you create in the app is encrypted individually before it is written to device storage or sent over the network:

  • Your portfolios and the assets inside them
  • Your saved views (columns, sort order, chart period, targets)

If the wrong key is ever presented, decryption fails with a clear error — you never get silently corrupted or garbage data.

The primitives we use

We stick to standards shipped by every major browser and OS — no bespoke crypto, no hand-rolled ciphers.

  • Cipher: AES-256-GCM
  • Key: Derived from your passkey and biometrics — never leaves your device
  • Transport: HTTPS / TLS on every endpoint — and your portfolio is already ciphertext before it leaves your device
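
The wrong-key behaviour described above comes from GCM's authentication tag. The following is an added example using Node.js's built-in crypto module, not Monk Portfolio's code: it encrypts one item on its own and shows a wrong key or an altered blob producing an error instead of data. The random keys stand in for the passkey-derived key, and the blob layout, function names and sample view are assumptions.

```javascript
// Added illustration, not Monk Portfolio's code. Uses Node.js built-in crypto.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the standard GCM nonce size
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt one item on its own. Assumed blob layout: nonce || tag || ciphertext.
function encryptItem(key, item) {
  const nonce = randomBytes(NONCE_LEN); // fresh for every encryption under a key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(item), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Return the item or throw; unauthenticated plaintext is never handed back.
function decryptItem(key, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  let pt;
  try {
    pt = Buffer.concat([decipher.update(ct), decipher.final()]); // final() checks the tag
  } catch (err) {
    throw new Error('decryption failed: wrong key or modified data');
  }
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample data; random keys stand in for the passkey-derived key.
function demo() {
  const key = randomBytes(32);
  const otherKey = randomBytes(32);
  const view = { columns: ['name', 'value'], sort: 'value', period: '1Y' };
  const blob = encryptItem(key, view);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  const attempt = (k, b) => {
    try { decryptItem(k, b); return 'ok'; } catch (err) { return err.message; }
  };
  return {
    roundTrip: decryptItem(key, blob),
    wrongKey: attempt(otherKey, blob),
    tampered: attempt(key, tampered),
  };
}
```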

Where the key comes from

The hardest part of any encryption system is making sure the right person — and only the right person — can produce the key. Passwords are easy to phish and forget. Server-held keys defeat the point. So we use a passkey: a credential that lives inside your device's secure hardware and can only be unlocked by your biometrics.

1. You enable Sync & Encryption
   Your device registers a platform passkey, protected by Face ID / Touch ID / Windows Hello. The private key never leaves the secure enclave.
2. Biometrics derive the key
   A biometric check unlocks your passkey, and the AES-256 key is derived from it on-device, in memory. The key material never leaves your device's secure hardware.
3. Your portfolio is encrypted locally
   Everything is encrypted and decrypted with that in-memory key, which never touches disk or network. Reopening the app just re-derives it with another quick biometric check.

Why passkeys over passwords
Passkeys are phishing-resistant by design: the authentication is bound to the app's exact origin, cannot be typed, pasted, or re-used, and requires a live biometric prompt on your device. That's a fundamentally higher bar than any password can reach.

What the server can and can't do

The server can
  • Store your encrypted blob, versioned by time
  • Verify that a passkey registered for that blob is present
  • Return the blob to any device that authenticates
  • Log anonymous events like “sync push succeeded”
The server cannot
  • Read the blob — it has no key and no way to derive one
  • Link the blob to any identity, name, or email
  • Perform a password reset (there is no password)
  • Recover your data if you lose every device and your backup

Turning encryption off

You can disable sync & encryption at any time from Settings — see Your Data for exactly what happens to your local and server copies.

Last updated May 30, 2026