In Transit Encryption

Data is always encrypted in transit using TLS — both between the client and PowerSync, and between PowerSync and the source database.

At Rest Encryption

The client-side database can be encrypted at rest using SQLCipher. This can be used in the Flutter SDK with some manual setup. Contact us for details, or for support on other platforms.

End-to-end Encryption

For end-to-end encryption, the encrypted data can be synced using PowerSync. The data can then either be encrypted and decrypted directly in memory by the application, or a separate local-only table can be used to persist the decrypted data — allowing querying the data directly.

An example implementation is coming soon.

See Also

• Database Setup → Security & IP Filtering

• Resources → Security