Kition
Download
Local-first & privacy

Security: local-first vs cloud notes

The biggest cloud-notes attack surface is the vendor. For local-first, it is your machine. The first is out of your hands; the second is not.

Kition Team·Apr 11, 2026·6 min read

Threat model

  • Cloud: phishing, vendor breach, compliance gaps → full leak
  • Local: lost laptop, unencrypted disk, unencrypted backup → your scope

What you should still do locally

  • Full-disk encryption (FileVault / BitLocker)
  • Git-push the vault to an encrypted remote
  • Include `.kition/` in backups
  • Rotate API keys periodically
Back to blogMore in Local-first & privacy

Related reading

Local-first & privacy

Privacy practices for lawyers and consultants

Client cases, drafts, billing — what to feed AI, what to keep strictly local, and how to enforce it via hooks.

Local-first & privacy

Where does Kition keep your data? File layout, explained

Under `<Vault>/`: `.md` files, `.kition/`, `Tables/` — one diagram covers it.

Ready when you are.

Kition is a local-first AI workspace. Markdown documents, structured tables, and an AI agent — running on your own machine, against the model provider you choose.

Download KitionPricing