The things you track here are personal. This app is designed so that nobody but you — not Google, not our database, not us — can read your habit data.
Habit names, notes, scores, numbers, and timer details are encrypted in your browser with AES-256-GCM. Each record uses a fresh data key that is wrapped with a post-quantum key (ML-KEM-1024) so a future quantum computer still cannot decrypt your archive.
After Google sign-in you choose a private passphrase. It derives a key (Argon2id) that wraps your master key. The passphrase never leaves your device. If you lose it, your encrypted data cannot be recovered.
Google OAuth proves who you are. It is not used as the encryption secret. Google cannot read your tracked habits.
Only ciphertext, IVs, wrapped keys, your user id, and minimal metadata required for queries (the date of an entry, the ids of related rows, timestamps). No habit name, note, score, or timer detail is ever stored in plaintext.