The vault is yours. So are the keys.

On macOS, your vault is a folder on your disk. You pick where it lives. Every page is a plain markdown file with YAML frontmatter. Every attachment is the original binary you uploaded. You can open the folder in Finder, copy it, back it up, or move it to another drive without MindWiki being involved.

On the web side, the same files live on managed infrastructure so the macOS app and the web app stay in sync. Two operations always work, regardless of plan: export the entire vault as a zip from Account → Settings, and delete your account (which removes the vault and account from servers).

• Email + password with hashed credentials. Sign in from the web; the macOS app authenticates against the same account.
• Session tokens stored as HTTP-only cookies on the web (an access token plus a refresh token). The macOS app stores its long-lived sync token in a per-user app-support file at ~/Library/Application Support/io.mindwiki.desktop/auth.json — readable only by your macOS user account.
• Per-device sync tokens. Each macOS device shows up as its own entry in Account → Devices. Revoking a device there invalidates the token server-side, so the local auth.jsonstops working on that device's next sync attempt.

Personal API keys live in Account → API Keys. Each key is named, scoped, and minted once — MindWiki stores only the hash, so a leaked key cannot be recovered, only revoked and re-minted.

• read — search, read pages, list pages, ask, similarity, graph, vault health, stats, export.
• write — capture, create or update pages, delete pages, rebuild the vault index.

A request that hits an endpoint outside its scope returns HTTP 403 with { "code": "INSUFFICIENT_SCOPE" }. Mint read-only keys for automations that don't need to write. One key per integration so revocation stays surgical.

Claude, ChatGPT, Claude Desktop, Claude Code, Codex, and any other MCP-aware client connect to MindWiki over OAuth. You see the connection request, confirm the scope, and approve it from the web app. Approved connections appear in Account → Connections; revoking a connection there cuts off that client's access on the next request. MindWiki never grants vault access to an AI without an explicit approval.

For MCP clients that can't handle remote MCP yet, the same endpoint is reachable with ?token=$MINDWIKI_API_KEY. The same scope rules apply — a read-only key cannot call a write tool.

Pro features (MCP, API keys, scheduled vault automation) are gated server-side based on your plan, not just hidden in the UI. Downgrading deactivates them; upgrading reactivates them without re-onboarding.

• Export the whole vault as a zip whenever you want. Account → Settings → Export.
• Delete account removes the vault and account data. Account → Settings → Danger Zone.
• Local vault path on macOS — chosen by you, changeable any time.
• No indexing of private content. /account/* and the internal /api/* routes are disallowed in robots.txt.

• No surprise AI writes. Three of the four Pro automations (Auto-Linker, Weekly Classifier, Pattern Detection) land proposals you approve before anything changes. Monthly Summary writes one additive summary page per month at a fixed path. Direct AI client edits happen only through MCP/API credentials with the scopes you authorize.
• No data sales. Vault contents are not shared for advertising or partner training.
• No team workspaces yet.MindWiki is a single-user product, so there's no role/permissions surface that could leak a vault to another account.

Security report or vulnerability disclosure? Email security@mindwiki.io. For general support, use support@mindwiki.io.