Privacy Policy & License

Data handling

What the plugin accesses

Secure-Smart-Sync reads files from your Obsidian vault in order to sync them. It also reads and writes a small local SQLite database (stored inside your Obsidian config directory) to track sync state. This database contains only file paths, sizes, timestamps, and checksums — no file contents.

What is sent over the network

The only outbound network calls are:

• Your Cloudflare R2 bucket — encrypted file content and metadata. You control this bucket. Cloudflare's own privacy policy governs their storage.
• The pairing relay (sss-relay.xsen1947.workers.dev) — used only during device pairing. The relay transfers an end-to-end encrypted credential bundle between devices. The relay server never sees the plaintext credentials. Relay data is ephemeral and deleted after the pairing code expires.

What is never collected

• No analytics, telemetry, or crash reporting of any kind.
• No user identifiers, email addresses, or account information.
• No file contents in plaintext — encryption happens on your device before any upload.
• The developer has no access to your vault, your bucket, or your credentials.

Local storage

The plugin stores the following locally within your Obsidian vault's config directory:

• Your R2 credentials (endpoint, bucket, access key, secret key) — stored in Obsidian's standard plugin data file, which is local to your device.
• Your encryption password — stored locally in the same file. It is never transmitted to any server.
• A sync state database recording file paths, checksums, and timestamps.
• A randomly generated device ID used to identify sentinel writes — this never leaves your device.

Third-party services

Secure-Smart-Sync integrates with the following external services, each governed by their own privacy policies:

The relay is open-source and self-hostable. See github.com/xensenx/sss-relay. You can deploy your own instance and point SSS to it under Advanced settings.

Open source — inspect the code

Secure-Smart-Sync is fully open source. Every claim made on this page can be verified by reading the source code directly. No part of the codebase is obfuscated or hidden.

MIT License

Secure-Smart-Sync is distributed under the MIT License.

MIT License

Copyright (c) 2024 Sen (github.com/xensenx)

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.