How does SimpleumSafe work?

SimpleumSafe is an encrypted document archive for Mac, iPhone, and iPad. You can store documents, scans, photos, and PDFs securely — and find them again later.

Don’t worry: these are the basic concepts without a tech overload. Still, we explain the “how” as well — always with the question: what does this mean for your archive in everyday use?

Quick overview

  1. Create a Safe You create a Safe (like a folder/vault) and protect it with a password.
  2. Add documents Import documents, PDFs, scans, or photos into the Safe.
  3. Organize, search, keep working Search your archive, open files safely (preview), export when needed, or sync across devices.

In short: everything in the Safe stays encrypted, and SimpleumSafe only decrypts when it’s truly necessary for an action.

What this means for you: your archive feels “normal” to use (organize, search, preview) — but your data stays protected.

Goals of SimpleumSafe

SimpleumSafe helps you keep documents organized and long‑term — without having to fine‑tune complicated security settings. Security is not the goal in itself; it’s the “airbag” for your archive: your documents should stay protected even when something goes wrong (e.g., accidental sharing, shoulder surfing, or a lost device).

Core objectives

  • Easy to use: you can manage your archive without technical knowledge.
  • Privacy for your entire archive: contents and file information (e.g., names) stay encrypted.
  • Protection by default: files are only decrypted when you explicitly trigger it (e.g., export/open outside).
  • Work securely: preview and editing follow a protected workflow — not as a permanent “open copy” on the system.
  • Suitable for sensitive documents: supports GDPR technical and organizational measures (TOMs).
  • Integrated into your Apple workflow: sharing, services, clipboard, and drag & drop — without “giving up” the Safe.
  • Safe across devices: synchronization and sync data stay encrypted end‑to‑end.
  • An extra protection layer: SimpleumSafe complements macOS/iOS security instead of relying on it alone.
  • Proven cryptography: uses established encryption technology (no experiments).

Concept

SimpleumSafe adds its own security layer: it provides its own file system and its own “Finder”. Within this closed system, data always remains encrypted.

You can think of SimpleumSafe like a real‑world vault: everything you put into the Safe is encrypted immediately and continuously.

What this means for you: you can work with your archive (folders, files, preview, search) — but outside of SimpleumSafe your content is not left “open” on disk.

Password

A Safe within SimpleumSafe is created with a password. Here, a random encryption key is created and this is in turn encrypted with the password and stored. The password itself is not saved.

When opening the safe, an attempt is made to decrypt the file with the encryption key. If this is successful, then the password was correct otherwise wrong. However, it is not possible to derive the password in reverse, neither from the encrypted files nor in any other way, since it is never stored.

What this means for you: without your password, nobody can open your Safe — including us.

Encryption

In archives, even file names can be sensitive (e.g., “Taxes 2024”, “Insurance”, “ID”). That’s why SimpleumSafe protects not only the content, but also everything around it.

In short:

  • Contents are stored encrypted.
  • File names and file information (metadata) are encrypted as well, so lists/structures don’t reveal anything.

When a file is imported into SimpleumSafe, its contents are encrypted and saved as an encrypted file inside the Safe. The file name of the encrypted data is a random, non‑meaningful value and contains neither the original file name nor other information about it.

The file name and other imported file information is stored encrypted together with internal management/organization data in a database.

What this means for you: not only the content, but also “around it” (e.g., name/metadata) is protected — so your archive remains private even if someone could only see file lists.

Location of a Safe

A Safe should be stored locally on your Mac or iPhone/iPad.

Important: don’t manually place the Safe into a cloud folder (e.g., iCloud Drive/Dropbox). Internally, a Safe contains a database; file/folder‑level cloud sync can disrupt this.

If you want to use the Safe across devices, use SimpleumSafe synchronization.

What this means for you: your archive stays stable — and sync happens in a controlled (and encrypted) way through SimpleumSafe instead of “cloud file sync”.

SyncDescription@3x Created with Sketch. Encrypted Synchronization data in the cloud local Safe local Safe

Secure temporary cache (macOS only)

When you preview or edit a file, it should remain protected while you work. For that, SimpleumSafe uses a temporary, encrypted workspace on macOS.

Quickly explained:

    1. The file is copied into the encrypted workspace.
    1. Preview or the editing app works with that copy.
    1. Changes are imported back into the Safe and the workspace copy is deleted.

To use the macOS preview function and to safely edit files from the Safe, the file is copied into an “encrypted temporary storage”. Preview or the associated editing program then works with that file. This keeps the file protected even while you work.

After you have changed the file, it is immediately imported back into the Safe. After closing the editing program, the file is deleted from the encrypted temporary storage.

The encrypted temporary storage is locked/invalidated after exiting SimpleumSafe so it cannot be used anymore. Each time you start SimpleumSafe, a new encrypted temporary storage is created.

What this means for you: you can preview and edit files normally — without leaving permanently unprotected copies on your Mac.

Note

Practical note: the “encrypted temporary cache” is limited to 100 GB. This is indirectly due to the limitations of so‑called sandboxing for apps in the Apple Mac App Store.

Synchronization

To keep your archive consistent across devices (e.g., Mac + iPhone), SimpleumSafe synchronizes changes encrypted. No special servers are required.

Technically, SimpleumSafe creates a synchronization directory (a “sync folder”) that logs every change to the Safe (add, change, delete). On another device, these changes are applied. All information stored in the Safe remains encrypted during synchronization.

The key itself used for encryption and decryption is not synchronized. Therefore, even if the synchronization data from the cloud were stolen, it would be unusable, even in the case where the password is known.

Synchronization happens in two steps:

  1. First, metadata is synchronized (e.g., file name, size, creation and modification date).
  2. Then, file contents are synchronized.

What you may see in everyday use: if a large amount of data is being synchronized or the connection is slow (with iCloud, speed also depends on iCloud/Apple), you may already see folders and file names on another device while the contents are still being transferred. In that state, file names may appear gray. Once the contents are transferred, file names become normal again.

Important: even during that phase, contents remain encrypted — only the full transfer is still in progress.

What this means for you: you can use your archive on multiple devices. If you briefly see gray entries in large archives, that’s normal: first the structure is transferred, then the contents.

If you want to go deeper: Features · Security · Buying options