Cross-Device Sync

getbased can sync your profiles, lab data, and AI settings across multiple devices using end-to-end encrypted CRDT sync. The relay server only sees ciphertext — your data is encrypted before it leaves your browser.

How It Works

Sync is powered by Evolu, a local-first CRDT (Conflict-free Replicated Data Type) engine. When you enable sync:

1. A 24-word mnemonic is generated — this is your sync identity and encryption key
2. Your data is encrypted with a key derived from this mnemonic and pushed to a relay server
3. Other devices using the same mnemonic can pull and decrypt your data

The relay server stores only encrypted blobs. Without your mnemonic, the data is unreadable.

Setting Up Sync

First Device (New Setup)

1. Open Settings → Data
2. Toggle Cross-device sync on
3. In the setup modal, click New setup
4. Your 24-word mnemonic is displayed in cleartext — write it down and store it offline
5. Check "I have saved my mnemonic somewhere safe"
6. Click Done

Your data is now syncing to the relay. All profiles are pushed automatically.

Additional Devices (Join Existing)

1. Open Settings → Data
2. Toggle Cross-device sync on
3. In the setup modal, click Join existing
4. Paste your 24-word mnemonic from your first device
5. Click Restore

The page reloads and pulls your data from the relay. All profiles and AI settings sync over.

WARNING

Anyone with your mnemonic can access your synced data. Treat it like a password — store it offline, never share it.

What Syncs

• All profile data (lab entries, context cards, notes, supplements, cycle data, custom markers, EMF assessments)

• Profile metadata (name, sex, DOB, location, tags)

• AI settings (provider, API keys, model selections, Venice E2EE toggle)

• Chat threads, messages, and custom personalities

• Display preferences (unit system, range mode, chart overlays)

Settings such as theme are device-specific and do not sync.

Mnemonic Security

Your mnemonic is your encryption key. getbased takes several precautions:

• Masked by default — shown as bullet characters in Settings, with a Show/Hide toggle
• Clipboard auto-clear — when you copy the mnemonic, the clipboard is cleared after 60 seconds
• No server storage — the mnemonic is generated and stored locally by the Evolu engine, never sent to any server

Regenerating Your Mnemonic

Disabling sync resets your identity — the page reloads to clean up the sync engine. Re-enabling sync generates a fresh mnemonic. Your other devices will need to join with the new mnemonic.

No recovery

If you lose your mnemonic, there is no way to recover your sync identity. You can still access your local data, but you will need to set up sync again with a new mnemonic on all devices.

Sync Status Indicator

When sync is enabled, a small colored dot appears in the header (next to the settings gear):

Dot	Meaning
🟢 Green	Synced — relay connected, data confirmed
🔵 Blue (pulsing)	Syncing — push or pull in progress
🟡 Amber	Offline — relay unreachable, changes saved locally
🔴 Red	Error — sync failed

Click the dot to see details: relay connectivity, last push/pull timestamps, and a "Sync now" button for manual retry. The "Settings" link opens the Data tab directly.

The indicator checks relay connectivity every 60 seconds and monitors Evolu's error channel for connection drops.

Conflict Resolution

Sync uses last-write-wins at the profile level, based on timestamps. This is designed for single-user, multi-device use — one person using getbased on their phone and laptop. If you edit the same profile on two devices simultaneously before they sync, the most recent push wins.

Relay Server

The relay is a blind store-and-forward server — it holds encrypted blobs and broadcasts them to your other devices. It never sees your plaintext data.

By default, sync connects to wss://sync.getbased.health. You can change this in Settings → Data → Advanced to point to your own relay. A status indicator (green/red dot) shows whether the relay is reachable.

Running Your Own Relay

The relay is open source (Evolu relay). It runs as a single Docker container with an embedded SQLite database — no external dependencies.

Requirements: Any Linux VPS (1 CPU, 1GB RAM, $5/mo), Docker, and a domain with TLS.

1. Start the relay:

docker run -d \
  --name evolu-relay \
  --network host \
  --restart unless-stopped \
  evoluhq/relay:latest

This starts the relay on port 4000 (WebSocket only, no HTTP).

2. Add TLS with Caddy:

Install Caddy and create /etc/caddy/Caddyfile:

sync.yourdomain.com {
    reverse_proxy 127.0.0.1:4000 {
        transport http {
            versions h1
        }
    }
}

The versions h1 directive is required — WebSocket upgrades need HTTP/1.1.

systemctl restart caddy

Caddy auto-provisions a TLS certificate via Let's Encrypt.

3. Point DNS: Add an A record for sync.yourdomain.com → your server's IP.

4. Use it: In getbased, go to Settings → Data → Advanced and enter wss://sync.yourdomain.com. The status dot turns green when connected.

Security hardening

For a production relay, disable SSH password auth, enable UFW firewall (allow only 22, 80, 443), and enable unattended-upgrades for automatic security patches.

Relationship to Encryption

Cross-device sync and local encryption are independent systems:

• Local encryption (passphrase → AES-256-GCM) protects your localStorage data at rest on each device
• Sync encryption (mnemonic → Evolu's key derivation → XChaCha20-Poly1305) protects data in transit and on the relay

You can use either, both, or neither. Enabling local encryption does not affect sync, and vice versa.