LinkBox Security

Security built into the product, not bolted on later

LinkBox is designed so your links, credentials, and project context stay on your device and remain under your control.

Highlights

What the product is designed to protect

LinkBox uses local-first architecture and focused safeguards so the product can stay lightweight without giving up trust.

Local-Only Architecture

All data stays on your device. No servers ever see your links, notes, or credentials.

Encrypted Sensitive Fields

Passwords and sensitive values are encrypted at rest using your OS keychain for key storage.

Zero Telemetry

No analytics, no tracking, no usage data collection. Your workflow stays completely private.

Principles

Our security approach

TiloBox follows simple, verifiable security principles. We don't make complex claims — just clear commitments.

Local-First by Design

All TiloBox products store data in a local database file on your computer. There is no remote server, no cloud infrastructure, and no API endpoint that your data ever touches.

Encryption at Rest

Sensitive fields — passwords, API keys, tokens, and any field you mark as sensitive — are encrypted before being written to disk. Even if someone copies your database file, they can't read sensitive values.

OS Keychain Integration

Encryption keys are stored securely in your operating system's native keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service). TiloBox products never store encryption keys alongside your data.

App-Level Password Protection

Set a master password to lock the entire application. On shared machines or when you step away, nobody can access your links and credentials without your password.

Zero Telemetry, Zero Tracking

TiloBox products do not collect analytics, usage data, crash reports, or any form of telemetry. No data is transmitted to any server for any reason. Your workflow is completely invisible to us.

No Accounts, No Identity

There is no signup, no login, no email collection, and no user identity. You download a TiloBox product, install it, and use it. We don't know who you are, and we don't want to.

Placeholder: Local-first architecture diagram

Architecture

Local-first architecture explained

When we say “local-first,” we mean it literally. LinkBox uses a local database file on your machine to store all your data. There is no server component, no sync layer, and no network calls for data operations.

Data Storage

Your links, notes, and categories are stored in a local SQLite-style database file. The file lives in your user data directory and is never sent anywhere.

Encryption

Sensitive fields are encrypted before they hit the database. The encryption key is stored in your OS keychain — a secure, hardware-backed store that TiloBox accesses through standard OS APIs.

Password Hashing

If you set an app lock password, it is hashed (not stored in plaintext) using standard secure hashing algorithms. Even TiloBox itself cannot reverse your password.

Network Requests

The only optional network request a TiloBox product may make is fetching website favicons to display next to your saved links. This can be disabled entirely.

Data Control

Complete transparency about your data

Here's exactly what stays on your device and what TiloBox products never do.

What stays on your device

All saved links and URLs

Link titles, descriptions, and notes

Custom fields and their values

Encrypted passwords and tokens

Categories and organization structure

Visit history and usage counts

App settings and preferences

Import/export backup files

What TiloBox does NOT do

Store data on any cloud or remote server

Collect analytics, telemetry, or usage data

Require account creation or email

Track your behavior or browsing patterns

Share data with any third party

Require internet to function

Phone home or check license servers

Store encryption keys alongside your data

Privacy Model

Privacy through architecture, not promises

We don't ask you to trust our privacy policy. We built TiloBox products so there's nothing to trust — there's simply no data leaving your machine.

No data collection

TiloBox products have no analytics SDK, no error reporting service, no crash collection, and no usage tracking. There is literally no code path that sends your data anywhere.

No server infrastructure

There is no TiloBox server. No API. No backend. No database in the cloud. The entire application runs on your computer as a standalone desktop app.

Verifiable claims

Everything we state on this page can be verified. Run a network monitor while using LinkBox — you'll see no outbound connections (except optional favicon fetching). Check the data directory — you'll find a local database file and nothing else.

Your data, your control

You can export, back up, move, or delete your data at any time. TiloBox products impose no lock-in and give you full ownership of everything you store.

Read the LinkBox privacy page

Continue exploring

LinkBox Privacy

See what LinkBox does not collect and what stays on your device.

LinkBox Features

Explore the product capabilities that sit on top of this local-first model.

Download LinkBox

Get the current version for Windows, macOS, or Linux.

Trust the product because you can inspect the model

Explore LinkBox security details, then download the app and keep your workflow local and under control.

Download LinkBox Read Privacy Page