Security is built into the foundation of Lorebase. Rather than trying to secure a massive remote cloud storage cluster containing all user content, we secure your data by keeping it in your hands.
1. Local-First Sandbox
The primary security layer of Lorebase is its offline-first architecture. The desktop application runs standalone, meaning:
- Your data is never transmitted to cloud databases run by Alkali Softworks or third parties.
- There is no central web API surface that can be hacked to expose your private files or maps.
- The desktop application works completely offline, eliminating remote network exploits when not in collaboration mode.
2. Database Encryption
In the interest of open standards, data portability, and user ownership, the Lorebase local database is not encrypted. This ensures you can always open, query, and migrate your data using standard, open-source SQLite viewers and tools.
To protect your work from unauthorized local physical access or device theft, we strongly recommend enabling full-disk encryption on your operating system:
- macOS: Enable FileVault via System Settings.
- Windows: Enable BitLocker or Device Encryption via Control Panel.
- Linux: Use LUKS encryption on your system drive partitions during OS installation.
3. Network Sync Security
When enabling co-editing or multiplayer sessions, Lorebase initializes a secure WebSocket listener using Yjs state sync:
- Direct Connections: Clients connect directly to your host IP address. This bypasses intermediary cloud servers, keeping traffic local to your router or network switch.
- Remote Co-editing: If you need to collaborate over the internet, you can use our integrated, optional secure VPN service to connect. Alternatively, standard third-party overlay networks or VPNs also work.
4. Backup Guidelines
To protect against accidental database corruption, Lorebase automatically performs a local database backup, saving a copy of base.db as base.db.bak in the vault directory under a .lorebase folder.
However, because we do not store your files on any remote servers, we cannot recover lost data in the event of local drive failure, operating system crash, or physical device loss.
We highly recommend incorporating your Lorebase workspace directories into your routine external backup policies (e.g. Backblaze, BorgBackup, Time Machine, Duplicati) or initializing a local git repository in your workspace folder for revision history tracking.
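As an added example (not part of Lorebase and not code from Alkali Softworks), the Python script below shows one way to take a consistent, verified snapshot of the unencrypted SQLite database before handing it to an external backup tool. The .lorebase/base.db location, the snapshot filename and the notes table are assumptions constructed for the demonstration.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def snapshot_db(src: Path, dest: Path) -> str:
    """Copy a SQLite database consistently, verify it, return its SHA-256."""
    # Open the source read-only so the snapshot can never modify the vault.
    src_conn = sqlite3.connect(src.resolve().as_uri() + "?mode=ro", uri=True)
    dest_conn = sqlite3.connect(dest)
    try:
        # SQLite's online backup API yields a transactionally consistent copy
        # even while the application is writing; a plain file copy may not.
        src_conn.backup(dest_conn)
        # Verify the copy before trusting it as a restore point.
        result = dest_conn.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        src_conn.close()
        dest_conn.close()
    if result != "ok":
        dest.unlink(missing_ok=True)
        raise RuntimeError(f"snapshot failed integrity check: {result}")
    # Record a digest so later corruption of the backup can be detected.
    return hashlib.sha256(dest.read_bytes()).hexdigest()


def demo() -> tuple[str, int]:
    """Build a constructed sample vault, snapshot it, and count restored rows."""
    with tempfile.TemporaryDirectory() as tmp:
        vault = Path(tmp) / ".lorebase"  # assumed location of base.db
        vault.mkdir()
        db = vault / "base.db"
        conn = sqlite3.connect(db)
        # Constructed schema and rows; the real Lorebase schema is not shown on the page.
        conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany("INSERT INTO notes (body) VALUES (?)", [("a",), ("b",)])
        conn.commit()
        conn.close()
        out = Path(tmp) / "base.snapshot.db"  # hypothetical snapshot name
        digest = snapshot_db(db, out)
        check = sqlite3.connect(out)
        rows = check.execute("SELECT COUNT(*) FROM notes").fetchone()[0]
        check.close()
        return digest, rows


if __name__ == "__main__":
    print(demo())
```

Store the returned digest alongside the snapshot so a later restore can confirm the file has not changed.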
5. Reporting Issues
If you identify any security issues, vulnerabilities, or bug vectors in the Lorebase desktop application, network sync interface, or website, please contact us directly.
Please email security alerts to: