How encrypted iCloud sync works in a private vault

Encrypted iCloud sync means a private vault can support device changes and recovery without uploading readable private files.

The privacy boundary

Mo Layer is local-first. Private content stays on the device by default. When encrypted iCloud sync is enabled, content is encrypted before upload and stored as ciphertext for recovery and device changes.

The developer does not hold the user’s decryption key. This matters because sync should not turn a private vault into a readable cloud library.

What sync is for

Encrypted sync is useful when you replace an iPhone, reinstall the app, or need a recovery path after device loss. It is also useful when private material includes documents and files that would be painful to rebuild manually.

What sync should not mean

Encrypted sync should not mean public sharing, web viewing, advertising analysis, or developer access to private files. Mo Layer’s website is not a web vault and does not upload, store, or process user private files.

What to check in any private vault

• Does the app explain whether files are encrypted before upload?
• Does the developer hold the decryption key?
• Is sync optional or required?
• Does the app separate product feedback from private vault content?
• Does the recovery model match your risk level?

For Mo Layer, Pro focuses on capacity, encrypted sync, recovery tools, batch organization, and advanced controls while keeping the local protection model clear.