Peach is built so that the strongest claims are architectural, not procedural: no hosted vaults, no account
database, and no product telemetry stream to “promise” not to misuse. The trust boundary stays on the
user’s device and on explicitly paired peers on the local network. The public website uses only generic
analytics for traffic and performance and is not a product identity layer.
peach:v2:entries=247:zstd:aes256gcm:argon2id
Zero-knowledge vault encryption
Zero server dependency
No account creation
No product telemetry
Local-network peer-to-peer sync only
Portable CJK phrase restore path
Vault container
Peach encrypts vault data locally, before it leaves the process memory in which it is serialized. The portable backup phrase is derived from the encrypted container, never from plaintext records.
Compression: Zstandard on the structured vault payload before encryption.
Encryption: AES-256-GCM for authenticated confidentiality.
Key derivation: Argon2id with per-vault salt and high-memory parameters tuned for interactive unlocks.
Zero-knowledge architecture
There is no hosted account system, no recovery backend, and no product telemetry stream. Recovery material exists only as the local vault container and the exported CJK phrase representation generated on-device.
No email addresses, usernames, or device identifiers are required for unlock or restore. Your master passphrase is still required.
No vault material is escrowed on remote infrastructure.
All restore flows are deterministic from user-held material.
Generic website analytics, when present, are limited to traffic and performance measurement and are not tied to product accounts because no product accounts exist.
Crypto payments can reduce personal billing traceability, but any blockchain payment still has an on-chain record outside Peach.
CJK phrase encoding
The phrase format is a dense textual transport wrapper around the encrypted vault package. Each export is a point-in-time snapshot of the vault data at the moment of export. Peach uses a fixed CJK alphabet for portability rather than semantics: the larger symbol set carries the encrypted payload in fewer visible characters than a long ASCII string, while staying copyable, storable, and restorable with the user’s master passphrase instead of any vendor backend.
Why CJK: the fixed character set keeps the export shorter and more structured than a plain alphanumeric transport string.
Snapshot semantics: the phrase reflects the vault state at export time rather than acting as live sync.
Payload: compressed encrypted vault blocks encoded into a fixed CJK character alphabet.
Integrity: authenticated decryption rejects tampered or truncated phrases.
Peach Sync protocol
Sync is peer-to-peer on the local network. Devices pair once, authenticate directly, and exchange encrypted vault deltas without relaying through a third-party service.
Transport is limited to user-initiated paired devices on the same network segment.
Session keys are ephemeral and scoped to sync traffic rather than reused as the vault master key.
If no peer is present, nothing leaves the device.
Threat model
Peach is designed to remove server-side breach classes, account takeover risk, and silent product telemetry collection. It does not claim to defeat a fully compromised endpoint or a user who reveals the unlock secret.
Protects against hosted vault theft because no hosted vault exists.
Protects against passive network collection when no sync or breach check is initiated.
Does not protect against malware already controlling the unlocked device.
Network behavior
Default state
Peach does not require network access to unlock, browse, edit, export, or continue using a licensed installation. With no user-initiated action, there is no background service to contact.
Explicit exceptions
Two product flows can touch the network: Peach Sync when paired devices exchange encrypted data on the
local network, and breach monitoring when a k-anonymity prefix is sent for password exposure checks. The
marketing website separately uses generic analytics for traffic and performance only. None of these paths
creates a hosted Peach account or remote Peach vault.