3 min read
How Is My Data Encrypted?
A look at the encryption protecting your health data on your device.
AES-256 encryption
Encryption Overview
Lova uses AES-256 encryption to protect your health data. This is the same encryption standard used by banks, governments, and security-conscious organizations worldwide.
What Gets Encrypted
All sensitive health data is encrypted, including:
Period dates and cycle data
Symptoms and moods
Fertility tracking data
Pregnancy data
Notes and observations
How It Works
Database Encryption
Your data is stored in a SQLite database encrypted with SQLCipher:
- • The entire database file is encrypted at rest
- • Data is decrypted only in memory when needed
- • Even if someone copies your database file, they can't read it
Key Storage
Encryption keys are stored in your device's secure storage:
| Platform | Key Storage |
|---|---|
| iOS | Keychain (Secure Enclave on supported devices) |
| Android | Android Keystore (hardware-backed when available) |
| macOS | Keychain |
| Windows | DPAPI (Data Protection API) |
| Linux | Secret Service (GNOME Keyring / KWallet) |
| Web | Web Crypto API + IndexedDB |
ℹ️
Hardware Security
On devices with hardware security (Secure Enclave, Titan M, etc.), encryption keys are protected by dedicated security hardware, making them extremely difficult to extract.
Encryption in Transit
When you sync between devices:
Pre-encrypted
Data is encrypted before leaving your device
TLS 1.3 protection
Connection protected by latest TLS standard
End-to-end
Only your devices can read the data
What We Can't Do
Cannot read your data
We don't have the keys
Cannot decrypt if you lose device
No recovery mechanism exists
Cannot provide to third parties
Even if legally compelled
Cannot "reset" encryption
No master key or backdoor
⚠️
No Recovery Option
If you lose all your devices and have no backup, your data is gone. We cannot recover it. This is a feature, not a bug - it's the privacy guarantee.
Verifying Encryption
You can verify our encryption claims:
Review source code
Encryption implementation is open
Audit database files
Unreadable without the key
Monitor network traffic
No unencrypted health data