Security and Data Storage
Melon's local Vault, encryption flow, service boundary, and data storage model.
Where data lives
Melon's primary data lives in the local Vault folder you choose. That folder can be a normal local folder, or it can live inside iCloud Drive, OneDrive, Syncthing, Feiniu, NAS sync, or a similar local-sync tool.
The Melon service does not take over your plaintext workspace. It stores account data, login sessions, licenses, plans, teams, members, permissions, and the key envelopes and metadata required for team collaboration.
Encryption flow
Melon's default order is local encryption first, then sync or collaboration:
- Create or open a local Vault.
- A local master key is derived from the master password with Argon2id.
- The Vault manifest is encrypted with the master key.
- Each document is encrypted with its own document key.
- Each document key is wrapped by the master key.
- Sync, backup, and team collaboration process encrypted Vault files.
Vault content uses XChaCha20-Poly1305. The Melon service does not store plaintext keys, plaintext settings, or plaintext content that can directly open your Vault.
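The key hierarchy described above, sketched with Node.js built-ins as an added example (not Melon's code or on-disk format). It assumes scrypt in place of Argon2id and the 12-byte-nonce ChaCha20-Poly1305 in place of XChaCha20-Poly1305, since both stand-ins are available in Node's built-in crypto module; the function names, AAD labels, and blob layout are hypothetical.

```javascript
// Added illustration, not Melon's code or file format. Stand-ins (assumptions):
// scrypt for Argon2id; Node's IETF ChaCha20-Poly1305 for XChaCha20-Poly1305.
const crypto = require('node:crypto');
const AEAD = 'chacha20-poly1305';

// Master password -> 32-byte master key (Node's default scrypt cost settings).
function deriveMasterKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// AEAD seal: nonce || ciphertext || tag; `label` is bound as AAD (a choice made for this sketch).
function seal(key, plaintext, label) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv(AEAD, key, nonce, { authTagLength: 16 });
  c.setAAD(Buffer.from(label));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Inverse of seal; throws on a wrong key, wrong label, or any modified byte.
function open(key, blob, label) {
  const d = crypto.createDecipheriv(AEAD, key, blob.subarray(0, 12), { authTagLength: 16 });
  d.setAAD(Buffer.from(label));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Encrypt the manifest, give each document its own key, wrap that key with the master key.
function createVault(password, docs) {
  const salt = crypto.randomBytes(16);
  const mk = deriveMasterKey(password, salt);
  const files = {};
  for (const [id, text] of Object.entries(docs)) {
    const dk = crypto.randomBytes(32);
    files[id] = {
      wrappedKey: seal(mk, dk, 'dockey:' + id),
      body: seal(dk, Buffer.from(text), 'doc:' + id),
    };
  }
  const manifest = seal(mk, Buffer.from(JSON.stringify(Object.keys(docs))), 'manifest');
  return { salt, manifest, files }; // only this object would reach sync or backup storage
}

// Unlock path: password -> master key -> document key -> plaintext.
function readDoc(vault, password, id) {
  const mk = deriveMasterKey(password, vault.salt);
  const dk = open(mk, vault.files[id].wrappedKey, 'dockey:' + id);
  return open(dk, vault.files[id].body, 'doc:' + id).toString();
}
```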
What the service stores
The Melon service stores:
- account profile and login session data
- license, plan, and order state
- teams, members, and permission relationships
- Team Vault metadata
- key envelopes needed for team collaboration
This data supports account access, purchasing, authorization, and collaboration boundaries. It is not used to host your plaintext materials.
What you need to keep
- Master password: used locally to unlock and derive encryption material.
- Recovery key: the last-resort recovery mechanism.
- Vault folder: your primary data directory.
- Sync storage credentials: if you use S3/R2/OSS/MinIO, you configure and manage those credentials.
If both the master password and recovery key are lost, the Melon service cannot reconstruct plaintext content for you.