aes-256-gcm encryption via pbkdf2 key derivation from user's password + email salt (100k iterations). encryption key is derived during login/register and stored in localstorage. all portfolio and settings data is encrypted client side before being sent to the server. server stores opaque enc:v1:<base64> blobs and can't read user data even if the db is compromised. if this still doesn’t satisfy your privacy requirements, keep everything in your browser’s local storage and use json export/import to manage your assets and settings without touching the server. 📝 fa2763ee…