Local-first encryption (AES-256) in plain language

Sensitive health data at rest is protected with AES-256-grade encryption on your device. That means files and database pages are unreadable without the device unlocking flow you configure.

Encryption keys are tied to the secure storage APIs of iOS and Android, not to a FichaMed account in the cloud — because there is no cloud vault for your medical content.

When you open FichaMed, the OS decrypts what is needed in memory for you to work. We do not receive a copy of decrypted records on our servers.

If you lose the device and cannot unlock it, recovery follows the same rules as other encrypted local apps: backups and passcode recovery depend on your platform, not on FichaMed reading your data.