Database Encryption in SavePoint
Your financial data is nobody's business but yours, and SavePoint is built to keep it that way. This guide explains database encryption, an optional layer that locks your entire database file with AES-256 (the same class of encryption used to protect banking and government data). You will learn how it works, how to turn it on, the quirks worth knowing (like the encryption password you enter at startup), and the single most important thing you must never lose: your recovery key. It is privacy you control, explained in plain language.
Database Encryption locks your entire SavePoint database file with strong encryption (AES-256, the same class of encryption used to protect banking and government data). It is optional and off by default. When it is on, the file on your disk is scrambled into unreadable data, and SavePoint asks for your encryption password once when it starts. This page explains, in plain language, exactly what it does, how to use it, the important quirks, how to fix problems, and the one thing you must never forget.
SavePoint (the company) holds no keys and has no backdoor. If you turn on encryption and then lose both your encryption password and your recovery key, your data is gone permanently. It cannot be recovered by us, by you, by support, or by any tool. This is not a limitation we can fix on request โ it is the entire point of encryption, and it is what makes your data safe from thieves.
Before you enable encryption, decide how you will store your password and recovery key so you cannot lose them. A password manager, a printed sheet in a safe, or a bank deposit box are all good choices. Storing them only in your head is how people lose their data.
๐ก๏ธ What Encryption Protects (and What It Doesn't)
What it protects: the database file itself, at rest. If someone steals your laptop, copies your database file off a USB drive or a synced cloud folder (like OneDrive or Dropbox), or recovers your hard drive from the trash, they get nothing but random bytes. They cannot read a single transaction, balance, account name, or note without your password.
What it does NOT protect:
- A running, unlocked SavePoint. Once you have unlocked the app, your data is decrypted in memory so you can use it. Anyone sitting at your unlocked computer can see it. Use the idle auto-lock and a screen lock for that.
- Files you export. CSV, Excel, and PDF exports are plain, readable files by design โ their whole purpose is to take data out of SavePoint. Encryption does not touch them. SavePoint reminds you of this the first time you export.
- A weak password. Encryption is only as strong as your password. A password like "password1234" can be guessed. SavePoint requires at least 12 characters or 4 words for this reason.
- Malware on your machine. Encryption at rest cannot stop a keylogger or virus that is already running on your computer while you use the app. Keep your computer clean and updated.
For the strongest protection, combine SavePoint encryption with your operating system's full-disk encryption (BitLocker on Windows, FileVault on macOS). SavePoint encryption protects the one file even if it leaves your machine; full-disk encryption protects everything else, including temporary copies the operating system might make.
๐ The Two Passwords: Encryption Password vs. Login Password
This is the single most important concept to understand. When encryption is on there are two separate steps at startup, and they can use the same password or different passwords:
- The unlock screen (encryption password). This appears first, before anything else. It decrypts the database file so the app can open at all. This is the password you set when you turned encryption on.
- The login screen (your master/login password). This is your normal SavePoint account login. It identifies you as a user and loads your data.
When you enable encryption you can choose to use your login password as your encryption password (recommended for a single user โ one password to remember), or set a separate encryption passphrase. If you use the same password for both, SavePoint can log you straight in after unlocking (see "Skip the login screen" below) so you only type it once.
โ How to Turn Encryption On
- Read and acknowledge the warnings. You must confirm you understand that a lost password and lost recovery key mean permanent data loss, and that you will store your recovery key safely.
- Choose your encryption password. It must be at least 12 characters, or a phrase of at least 4 words. SavePoint shows a strength meter and blocks passwords that are too short or that appear on lists of common breached passwords. Longer is genuinely stronger โ a four-word phrase like "river copper lantern seven" is easy to remember and very hard to guess.
- Save your recovery key. SavePoint generates a one-time recovery key (nine groups of five characters, like
4R9TK-2M7PX-...). This is your only other way in if you forget your password. Copy it, print it, or save it to a file, and store it somewhere safe and separate from your computer. It is shown only once. Screen capture is blocked on this screen. - Prove you saved it. You must re-type two of the groups. This is deliberate friction so you cannot skip past the recovery key without actually recording it.
- SavePoint encrypts and restarts. Your original unencrypted database is kept aside briefly as a safety copy while the encrypted version is verified. Then SavePoint restarts and asks for your password.
The recovery key is the difference between "I forgot my password, no problem" and "I lost everything." Do not close the wizard until you have physically written it down or saved it somewhere you will still have it in five years. Treat it like the key to a safe deposit box, because that is exactly what it is.
๐งน Delete the Unencrypted Leftover Copy
Right after you enable encryption, SavePoint keeps your original unencrypted database aside as a safety net, in case something went wrong during conversion. Once you have confirmed everything works (open the app, check your data), return to Settings โ Security โ Encryption and use the "Delete these files" button to remove that leftover unencrypted copy. Until you do, someone could still read your data from that old copy.
On modern SSDs, deleting a file does not always physically erase the underlying data immediately, due to how these drives manage storage. For truly thorough protection of the old unencrypted data, also use full-disk encryption (BitLocker / FileVault), which makes any leftover fragments unreadable too.
๐ Everyday Use: Unlocking
Once encryption is on, every time you open SavePoint you will see the unlock screen. Type your encryption password and you are in. This takes about a second (SavePoint deliberately makes password-guessing slow for attackers, which costs you one second at unlock). After unlocking, there is no performance difference at all โ the app runs at full speed. Making backups and exports works exactly as before.
If you type the wrong password, SavePoint simply says so and lets you try again. There is no lockout counter, on purpose: a lockout would only annoy you while doing nothing to stop a determined attacker who has copied your file. Your protection comes from the strength of your password, not from a lockout.
๐ If You Forget Your Password: The Recovery Key
On the unlock screen there is a "Use recovery key instead" link. Enter the recovery key you saved when you enabled encryption. SavePoint forgives common typos (it ignores dashes and spaces and fixes look-alike characters like O/0 and I/1), and it will tell you if the key does not match rather than failing silently.
- Single user: after unlocking with the recovery key, SavePoint requires you to set a new encryption password on the spot, so you are not stuck using the recovery key every time.
- Multiple users: the recovery key lets you past the unlock screen, and then you log in normally. If you also forgot your login password, use the "Forgot Password?" / security-questions flow on the login screen to reset it.
There is nothing anyone can do. Your data cannot be recovered. Your only options are: restore from an unencrypted backup made before you enabled encryption (if you have one), or start over with a fresh database. This is why we say, repeatedly: store your recovery key somewhere safe. We are not being dramatic โ we genuinely cannot help you, by design.
๐ Changing Your Encryption Password
If your encryption password is separate from your login password (single user), change it under Settings โ Security โ Encryption โ Change encryption passphrase. If your encryption password is your login password, just change your login password in the Master Password section โ SavePoint updates your encryption key automatically. Either way, changing your password is fast: it does not re-encrypt your whole database, it only re-locks the key.
Changing your password does not change your recovery key. If you ever suspect your recovery key was seen by someone else, generate a new one with "Generate new recovery key" (the old one immediately stops working). Then store the new one safely and destroy the old copy.
โก Convenience Options
"Unlock automatically on this computer" uses your operating system's secure storage (Windows or macOS) to remember your key on this one machine, so SavePoint opens without asking for the encryption password. This is convenient but weakens protection: anyone who can sign in to your computer account can then open SavePoint without the password. It is off by default. Only turn it on if your computer account itself is well protected, and never on a shared or public computer. Your backups are never affected by this setting โ they always require the password.
"Lock encryption after inactivity" (idle auto-lock) will re-lock the vault after a chosen period of no activity, requiring the password again. This protects you if you walk away from an unlocked SavePoint.
"Skip the login screen after I unlock on this computer" is a per-user convenience available when you unlock with your own password (multi-user files). Because unlocking with your own password already proves who you are, SavePoint can log you straight in instead of asking for the same password twice. It only applies to you, and only when you unlock with your own password โ never after a recovery-key unlock or automatic unlock.
These sound like opposites but they cooperate. Require Password on Startup makes SavePoint ask for your login every launch instead of remembering you. Skip Login After Unlock avoids asking for the same password twice when your unlock password and login password are the same โ the unlock counts as your password entry. If your encryption password is a separate passphrase, skip-login does not apply and you will be asked for your login password after unlocking.
๐ฅ Encryption With More Than One User
If your SavePoint file has multiple user profiles, they all share one database file, so encryption affects everyone. SavePoint uses per-user keys: each person unlocks the file with their own login password. Here is how it works:
- Everyone must have a password, and it must be strong. Because each person's password becomes an unlocking key, every active user must have a login password of at least 12 characters or 4 words before the file can be encrypted. If anyone has no password or a weak one, SavePoint tells you who needs to fix it first.
- Everyone participates in turning it on. When you enable encryption on a multi-user file, each user enters their own password once during setup. This both builds their personal key and confirms they agree to encryption. One person cannot silently encrypt and lock everyone else out.
- Each person unlocks with their own password. At the unlock screen, whoever is using the computer simply types their own login password.
- New profiles added later get their own key automatically when they are created (they set a strong password at signup). If a profile somehow has no key, an existing key-holder can grant it under User access by having that person enter their own password.
๐ The Encryption Owner
On a multi-user encrypted file, the person who turns encryption on becomes the encryption owner. This keeps important, file-wide decisions with one responsible person rather than letting anyone change them. The wizard tells you when you are becoming the owner.
Only the owner can: turn encryption off, rotate the recovery key, turn on automatic unlock, set the idle auto-lock, delete leftover files, and transfer ownership to someone else (which requires the owner's own password to confirm).
Every user (including non-owners) can: change their own login password (which updates their own key), turn their own skip-login on or off, grant a keyless profile access, and of course unlock and use the app.
By design, the owner cannot silently revoke another person's key. To remove someone's access you delete their login account (Settings โ Data Management โ Delete Account), which is a deliberate action with warnings, a password confirmation, and an automatic backup โ and it removes their key as part of the deletion. Their household-member attribution on shared history is preserved separately. If the owner deletes their own account, ownership automatically passes to a remaining key-holder (with several remaining, you choose who).
๐พ Backups and Encryption
When encryption is on, your backups are encrypted too, automatically. Backups are saved as .spbk files, which contain the encrypted data plus the information needed to unlock it with your password. This means:
- A
.spbkbackup plus your password can be restored on any computer, even a fresh install of SavePoint. You will be asked for the password (or recovery key) during the restore. - Backups are safe to store on a cloud drive or external disk โ they are encrypted, so they are useless to anyone without your password.
- Older plain
.dbbackups (from before you enabled encryption, or from earlier versions) can still be restored. Restoring a plain backup returns your data to unencrypted; you can re-enable encryption afterward.
CSV, Excel, and PDF exports contain your financial data in plain, readable form even when encryption is on โ that is their purpose. Store them somewhere safe or delete them when you are done. SavePoint shows a one-time reminder the first time you export.
๐ Quirks and Behaviors to Know About
- The hidden vault file must stay with your database. SavePoint stores the wrapped key in a small file next to your database (both live in SavePoint's data folder). If you manually move or copy your database file somewhere, the key file must go with it, or you will not be able to unlock even with the correct password. This is why you should always use SavePoint's own Backup feature (which bundles everything) rather than copying files by hand.
- Two users with the same password. If two people happen to choose the exact same login password, SavePoint cannot tell them apart from the unlock password alone, so it will show the login screen for you to pick your profile (even if skip-login is on). This is the safe behavior and is intentional. SavePoint will never tell you that a password is "already in use" (that would leak information).
- Encrypting alone, then adding a user. If you encrypt as the only user with a separate passphrase and later add a second user, you keep your access through the passphrase you set. If your login password was too weak to use as your key, that is why you set a separate passphrase โ this is normal and everything continues to work.
- "This database was created by a newer version of SavePoint." If you see this at startup, an older copy of SavePoint is trying to open data written by a newer version (for example after a downgrade, or restoring a backup made by a newer app). Update SavePoint to the latest version and it will open normally. SavePoint refuses rather than risk damaging newer data.
- Brief messages during enable/disable restart. When you turn encryption on or off, SavePoint restarts. You may briefly see technical messages in logs during that restart โ they are harmless and expected as the old and new sessions hand off.
- Recovery-key unlock never skips login. Skip-login only applies when you unlock with your own password. Coming in via the recovery key always takes you to the login screen, on purpose.
๐ง Turning Encryption Off
You can turn encryption off at any time (the owner does this on a multi-user file). It decrypts your database back to a plain file and requires your password to confirm. After it finishes, SavePoint restarts and no longer asks for an unlock password. Afterward, use the "Delete these files" cleanup to remove the now-unneeded encrypted leftovers if you wish. There is no lock-in โ you are always free to turn it off.
๐ฉบ Troubleshooting
- "I forgot my encryption password." Use "Use recovery key instead" on the unlock screen, then set a new password.
- "I forgot my password AND lost my recovery key." The encrypted data cannot be recovered. Restore an unencrypted backup from before you enabled encryption if you have one; otherwise you will need to start with a fresh database. (Please store your recovery key safely to avoid this.)
- "SavePoint says the file is corrupt / not a database." This usually means the small key file that lives next to your database was moved or deleted, or the files were separated. Restore from a SavePoint
.spbkbackup, which contains everything needed. - "My password worked yesterday and not today." Check Caps Lock and your keyboard language. If someone changed your login password (and it is your encryption key), the new password is the one that unlocks now.
- "A user can't unlock with their own password." Their profile may not have its own key yet (for example a profile created in an unusual way). An existing key-holder can grant them access under User access, with that person entering their own password. Make sure their password meets the 12-character / 4-word requirement.
- "No one is the encryption owner." Opening Settings โ Security โ Encryption repairs this automatically by assigning ownership to a remaining key-holder.
๐ฏ When Should You Use Encryption?
Laptops that travel, computers in shared or semi-public spaces, and any database stored in a cloud-synced folder (OneDrive, Dropbox, Google Drive) where the file could be swept up and copied. If your financial data leaving your machine would worry you, turn it on.
A desktop in a private home with good physical security, especially if you already use full-disk encryption. Even then it is a reasonable extra layer, and it costs you nothing but one second at startup and the responsibility of keeping your recovery key.
Encryption is a promise that only you can open your data. That promise cuts both ways: if you lose your password and your recovery key, only you was true, and now no one can open it, including you. Store your recovery key somewhere safe before you turn encryption on, and you never have to worry about this again.
-
Set Master Password
- Choose a strong, unique password (consider using a password manager)
- Write down password in a secure location as backup
- Password will be required every time you open SavePoint
-
Configure Security Questions
- Select 2 questions with answers you'll remember in 5-10 years
- Avoid answers that are publicly available on social media
- Document answers in a secure location (separate from your computer)
- Remember: answers are case-sensitive
-
Enable Auto-Lock (Optional)
- Choose timeout: 5 min (high security) to 30 min (convenience)
- Test auto-lock by waiting for timeout period
- Verify you can unlock with master password
-
Enable Database Encryption (Optional)
- Choose an encryption password (at least 12 characters or 4 words) โ you can use your login password or a separate passphrase
- Save the recovery key shown during setup โ copy or print it and store it somewhere safe and separate from your computer
- Test by closing and reopening SavePoint, and confirm you can unlock
- Create a backup (it will be encrypted) and confirm you can restore it
- Return to the Encryption section and delete the leftover unencrypted copy
See the full Database Encryption guide above for details, quirks, and troubleshooting.
No Password Recovery Backdoor: SavePoint uses one-way cryptographic hashing for logins and strong encryption for the database, with no backdoors. A lost master password can be reset with your security questions. A lost encryption password can be recovered with your recovery key โ but if you lose BOTH the encryption password AND the recovery key, the encrypted data is gone permanently and cannot be recovered by anyone, including us.
Test Your Security Setup: After configuring security, test password recovery with security questions, test auto-lock functionality, and if using encryption, verify you can close and reopen the database, unlock with your recovery key, and restore a backup successfully.
Document Everything Securely: Write down your master password, security questions/answers, and (if you use encryption) your encryption password and recovery key in a secure physical location (safe, safe deposit box) or an encrypted password manager. Store the encryption recovery key separately from your computer. Your future self will thank you.