Account Sync
Account Sync links your Stealth installs across Windows and Android under one Stealth account. Vault items, Notes, Chat profile, Clipboard history, and key settings replicate between every linked device. All payloads are encrypted on your device with a master key the server never sees in plaintext.
How It Works
Each tool that wants to sync registers as a named scope (vault, notes, chat, clipboard, settings) and reuses the same encrypted envelope. When you create or edit something on one device:
- The change is encrypted on-device with a key derived from your Stealth account password.
- The ciphertext is uploaded to the Stealth admin relay.
- The relay sends a
sync_changedevent over WebSocket to every other linked device. - Other devices download the ciphertext and decrypt it locally with the same derived key.
The relay only forwards data. It cannot decrypt your payloads.
Linking a Device
- Create a Stealth account from your first device (username and password).
- On a second device, choose Link existing account and sign in.
- The second device receives a one-time link code that you confirm on the first device.
- After confirmation, both devices appear in your account dashboard and start syncing.
You can link as many devices as your subscription allows. Stealth Pro includes 3 device licenses, with extras at $0.99/month each.
What Syncs
| Stealth Vault | Passwords, cards, and secure notes across Windows and Android |
| Stealth Notes | Notes, folders, attachments, and pinned status |
| Stealth Chat profile | Display name, avatar, contacts, and conversation keys |
| Clipboard History | Live cross-device clipboard mirror with pinned clips |
| Settings | Tool visibility, theme, hotkeys, and other user preferences |
| Future tools | New tools register their own scope and start syncing automatically |
Crypto and Security
- Identity. Stealth username and password.
- Key derivation. Argon2id with a per-account salt. The server never sees the password.
- Encryption. AES-256-GCM for payloads, ChaCha20-Poly1305 for transport.
- Transport. TLS 1.3 to
admin.stealth.online, with WebSocket fan-out atwss://admin.stealth.online:33100. - Per-device hardware ID. Bound to the device that activated the license. Servers reject mismatched requests.
Privacy Guarantees
- Stealth never sees your master key or any decrypted scope payload.
- The server stores only opaque ciphertext blobs and minimal metadata (timestamps, scope name).
- Logging out from one device tears down its server-side binding without affecting other linked devices.
- Account recovery requires either a recovery code generated at signup or proof of a previously-linked device.
Why Use Account Sync
One account, every device. Sign in once and Vault, Notes, and Clipboard show up everywhere.
Zero knowledge. Your data is encrypted on your devices. The server cannot read it.
No extra service. Included with your Stealth subscription. No separate sync account to manage.