Skip to content

🔒 Security & privacy

  • Nothing in third-party clouds. Photos, mail, finances and documents live on your own hardware.
  • Default-deny outbound: NoCloudMe's own pieces can't reach the internet unless they declare it; the home server never calls out to GitHub at all. See Network & outbound traffic.
  • Double perimeter: LAN or VPN (WireGuard) to reach it; SSO (with optional 2FA) to get in.
  • Secrets stay out of the code: keys and tokens live in local files, never in the repository.
  • Backups and reversibility: a snapshot before every write, daily backups, replication across machines. Bulk changes to your archive are one undo away and explain themselves — see Curating your archive.
  • Auditing: web changes are logged with the user, the date and the details.
  • Permission panel: the AI assistant works under switches you control one by one; a permission switched on is a ceiling (what it's allowed to do), never a command.
  • Courtesy toward your machine: heavy work freezes while you're typing and resumes once you stop.
  • Point-and-count rule: with sensitive data like your messages, the machine builds the infrastructure and counts, but never reads or classifies the content — reading is for you alone.
  • Connectors, disclosed and boxed in: a connector can only write the database tables its manifest declares, and it never sends SQL — it hands parsed rows to a shared, safe ingest engine. See The Store.