The read-only past is a really smart design choice. I build local-first apps and it's always tempting to add edit-everything flexibility, but constraints like this are what keep a tool focused and actually useful.

How does the Supabase sync work with the E2E encryption? Client-side encrypt before anything leaves the browser?

Thanks! Exactly, client encrypts before syncing. Decryption keys are wrapped/encrypted with your password. If you change the password, only the decryption keys are re-encrypted, not your notes.

Smart approach with the key wrapping. Re-encrypting every note on a password change would be brutal at scale. Do you have a recovery path if someone forgets their password, or is it truly zero-knowledge where the data is just gone?

Assuming the user still has access to their browser, the data would still be accessible locally (and I’m planning to add an export function too).
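The key-wrapping scheme discussed in this thread, as an added example that is not part of the thread or the app's code: a random data key encrypts the notes, and a password-derived key wraps only that data key, so a password change rewrites one small envelope. The algorithms (PBKDF2-SHA-256, AES-KW, AES-GCM), the iteration count and all function names are assumptions; the thread does not say what the app uses.

```javascript
// Added example; algorithms, parameters and names are assumptions, not the app's code.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback: Node < 19
const subtle = webcrypto.subtle;
const PBKDF2_ITERATIONS = 600000; // assumed work factor

// Derive the key-encryption key (KEK) from the password. It is never synced.
async function deriveKek(password, salt) {
  const material = await subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-KW", length: 256 }, false, ["wrapKey", "unwrapKey"]);
}

// The data key encrypts notes. It must be extractable so it can be wrapped.
function newDataKey() {
  return subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
}

// Wrap the data key under a fresh salt; this envelope is what sits beside the notes.
async function wrapDataKey(dataKey, password) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const wrapped = await subtle.wrapKey("raw", dataKey, await deriveKek(password, salt), "AES-KW");
  return { salt, wrapped: new Uint8Array(wrapped) };
}

// AES-KW carries an integrity check, so a wrong password rejects
// instead of silently producing a garbage key.
async function unwrapDataKey(envelope, password) {
  const kek = await deriveKek(password, envelope.salt);
  return subtle.unwrapKey("raw", envelope.wrapped, kek, "AES-KW",
    { name: "AES-GCM" }, true, ["encrypt", "decrypt"]);
}

async function encryptNote(dataKey, text) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // unique per note
  const ct = await subtle.encrypt({ name: "AES-GCM", iv }, dataKey, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) };
}

async function decryptNote(dataKey, note) {
  const pt = await subtle.decrypt({ name: "AES-GCM", iv: note.iv }, dataKey, note.ct);
  return new TextDecoder().decode(pt);
}

// Password change: unwrap with the old password, re-wrap with the new one.
// No note ciphertext is read or rewritten.
async function changePassword(envelope, oldPassword, newPassword) {
  return wrapDataKey(await unwrapDataKey(envelope, oldPassword), newPassword);
}
```

In this sketch a sync backend would only ever hold `salt`, `wrapped` and the `{ iv, ct }` pairs; the password and the unwrapped data key stay on the client.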