The read-only past is a really smart design choice. I build local-first apps and it's always tempting to add edit-everything flexibility, but constraints like this are what keep a tool focused and actually useful.

How does the Supabase sync work with the E2E encryption? Client-side encrypt before anything leaves the browser?

▲

katspaugh 7 hours ago | parent [-]

Thanks! Exactly, client encrypts before syncing. Decryption keys are wrapped/encrypted with your password. If you change the password, only the decryption keys are re-encrypted, not your notes.

	▲	redgridtactical 6 hours ago \| parent [-]
		Smart approach with the key wrapping. Re-encrypting every note on a password change would be brutal at scale. Do you have a recovery path if someone forgets their password, or is it truly zero-knowledge where the data is just gone?