Frequently Asked Questions

Common questions about using and self-hosting giovium.

Why giovium?

Because it is free, fast, secure, and built entirely with absolute privacy in mind.

How can I deploy the server?

Simply download the executable and follow the guide in the documentation. It is natively available on macOS, Linux, Windows, and Docker.

Do I need to use HTTPS or a reverse proxy?

No, the server can be deployed in whatever environment you prefer. Even if you choose a normal unencrypted HTTP connection, giovium will autonomously and securely encrypt the actual connections directly between the client and server.

Can I use email to recover my account?

No. Your data is perfectly safe as long as you remember the master password. I do not use user accounts, and therefore there are no vulnerable email recovery loops.

Is the master password protected?

Yes. I use advanced Argon2 hashing protocols to forcefully defend against brute-force attacks. It would cost billions of dollars and millions of years to break a strong giovium master password.

Is giovium really free?

Yes, giovium is 100% free because it's an ideological project meant to return data freedom directly to the people without any form of tracking, just like the old days of absolute privacy.

What happens if I lose my device?

No problem, because no one can decrypt your data without the master password. Simply download the giovium app onto your new device and immediately resync your vault with your server.

How are my data safe and backed up?

Data are locally encrypted and verified each time you use and sync giovium. If you use an iPhone, an iPad, a desktop app, and your server, you effectively have 4 independent nodes of redundancy. All encrypted data is perfectly mirrored and synced simultaneously between whatever devices you connect.

What happens if the app crashes? Can I access and backup my data manually?

Yes. If the app ever crashes, your data remains perfectly safe on your device. On iOS, you can access your encrypted vault using the native Files app (iFile); you can copy it to safely back it up or move it to another device whenever you want. On desktop, the vault is stored in standard application support folders. You always retain the ability to manually back up and restore your files without relying on the app.

Where are my encrypted files stored?

Your encrypted database and file attachments are stored locally depending on your platform:

  • Mobile (iOS & Android): Stored securely in the app's Document directory. On iOS, they are also directly accessible via the native Files app and available for iCloud backup.
  • Desktop (Windows): AppData/giovium/vault
  • Desktop (macOS): Library/Application Support/giovium/vault
  • Desktop (Linux): Local application folders under your home directory, then giovium/vault.
  • Server: Inside the data folder next to the executable. For Docker, this is located at the custom path on the host OS if the folder has been explicitly mapped as a volume.

Can I sync to multiple servers?

Yes. All of your connected servers and devices can perfectly mirror and stay in sync with each other simultaneously.

Can I move server data to another server?

Yes, it is possible without any problems. Simply shut down your current server, copy the /data folder to the other server, and start the new server using the copied data. For a more detailed explanation, please refer to the documentation page.

What happens if my server is compromised or hacked?

Nothing. The server is strictly a zero-knowledge data storage node and a point of request—it only receives and sends encrypted items. Even if fully hacked, your data will never be leaked because the server never has access to your master password.

What happens if I have malware on my computer while the vault is decrypted?

This is a critical scenario, but usually, nothing happens. You simply lock the vault and close the app, immediately killing the decrypted keys from memory. For maximum security against actively running malware, you can utilize giovium's secondary "Double Encryption" feature for highly sensitive items. If your main vault is compromised but you didn't specifically unlock the double-encrypted item during that session, there is absolutely no data in the RAM to map or leak, keeping the item perfectly safe.

Should I use advanced Double Encryption with an additional password?

Yes. It is highly recommended for incredibly critical secrets, such as Bitcoin wallets, bank accounts, or primary email credentials. Just make sure you never forget this second password, as it is completely unrecoverable.

If you don't use HTTPS, how can the connection be secure?

giovium natively encrypts all data exactly like HTTPS, but it does so entirely independently. This means you do not have to rely on external Certificate Authorities (CAs), pay for certificates, or manage free certificate deployments like Let's Encrypt. giovium simply uses the absolute gold standard in modern cryptography—Ed25519 and X25519—to flawlessly sign and encrypt all traffic between clients and servers.

What local cryptography do you use to encrypt my vault?

giovium utilizes XChaCha20-Poly1305, an extremely fast and secure authenticated encryption algorithm, to securely store all of your local at-rest data and file attachments.

How do I search my vault if the data is encrypted?

Because all item contents are strictly encrypted and decrypted only when clicked, it is impossible to search within the actual content of your items. To find your data quickly, you can assign a descriptive name and comma-separated tags to each item. My dynamic search engine allows you to enter multiple queries separated by commas. It will extract each term and instantly filter your vault for matching names or tags. I highly recommend adding good names and relevant tags to ensure blazing-fast searches when you need them.

How can I hide items and retrieve them later?

Since giovium constantly versions all data, nothing is ever truly lost. If you want to declutter your view or hide an item, simply open the item's settings and disable its visibility. This immediately filters it out of your normal searches. To retrieve it, go to your application settings and enable show hidden items to search across all items. You can also enable show hidden items only to exclusively search within your hidden vault.

Can I import and export items in giovium?

Yes. You can seamlessly import and export your unencrypted vault data in bulk using the standard giovium format.

Are Argon2 and XChaCha20-Poly1305 quantum-resistant?

Yes, both algorithms are highly resistant to future quantum computing threats.

1. XChaCha20-Poly1305

This symmetric cipher is used for local encryption and authentication. The primary quantum threat is Grover’s Algorithm, a "quantum search" that speeds up brute-forcing and effectively halves the security strength of a key. However, XChaCha20 uses robust 256-bit keys. In a post-quantum world, a 256-bit key still provides 128 bits of absolute security. Since 128 bits of security remains computationally impossible to break (even for a quantum computer), XChaCha20-Poly1305 is fundamentally quantum-resistant.

2. Argon2

Argon2 is a Key Derivation Function (KDF) used for password hashing. While Grover’s Algorithm could theoretically speed up a brute-force attack on a password hash, Argon2’s secret weapon is Memory Hardness. Quantum computers are incredibly fast at specific mathematics, but they cannot magically bypass the need for massive amounts of physical memory. To run Argon2, an attacker (whether classical or quantum) must allocate a massive, specific amount of RAM. This makes parallelizing a quantum attack physically difficult and prohibitively expensive. Therefore, the memory requirement acts as a physical bottleneck that levels the playing field, ensuring Argon2 remains securely quantum-resistant.