What does "local-first" mean in Vexli specifically?

It means your vault data — entities, documents, fields like EINs — is stored in a SQLCipher AES-256 encrypted database on your own machine. Vexli does not sync that vault to a cloud database. The website does authenticate you and manage your one-time license; that account data is separate from your vault.

What happens if my computer fails?

Without a backup, you lose the vault. This is the deliberate trade-off of a local-first architecture. Vexli includes an encrypted backup feature, and we recommend using it on a schedule that fits your risk tolerance.

Is local-first less secure than cloud-first?

Different threat models. Local-first removes the risk of a vendor breach exposing your records, because the records are not on the vendor's servers. It moves the risk to your own machine. Whether that is the right trade-off depends on how you protect your device.

Why local-first software fits people who handle sensitive business records

What "local-first" means in plain language

Local-first software stores your data on your own device and treats the network as an optional convenience, not a requirement. The opposite is cloud-first software, which stores your data on a vendor's servers and treats your device as a window into that data.

Both models work. Both have trade-offs. The interesting question isn't which is "better" — it's which one is the right fit for the specific data you're keeping.

The threat model for multi-entity business records

If you operate several LLCs, the records you keep are some of the highest-value identity data you produce. Each entity's record includes things like:

The entity's EIN
The registered-agent address (often your home address)
Bank account information
Signed contracts
Tax filings

From an attacker's perspective, this is essentially a packaged identity for a small business: enough information to attempt fraud, impersonation, or social engineering against vendors and banks. From the operator's perspective, it's the kind of data you want very few systems to have access to.

Cloud-first software, by definition, has access. It has to — that's how it serves your data back to you. The vendor's security is your security. If the vendor is breached, your data is in the breach. There is no way to opt out of that risk while still using a cloud-first product.

The case for local-first in this specific category

Local-first software removes the vendor from the data path. With Vexli:

Vault data lives only on your machine, in a SQLCipher AES-256 encrypted database.
Sensitive fields are additionally encrypted at the field level using AES-256-GCM, so even with database access an attacker still faces a per-field decryption step.
Intelliquinte does not operate a cloud vault for your records. There is no Intelliquinte database where your EINs live.
A breach of Intelliquinte's website infrastructure cannot expose your records, because the records aren't there.

That last point is the structural one. Promises like "we encrypt everything" depend on the vendor's behavior. "We don't have your data" depends on the architecture.

The honest trade-offs

Local-first isn't free. The trade-offs we make customers face up to before buying Vexli:

Backups are your job. Vexli has an encrypted backup feature, but where it lives and how often you run it is up to you. Lose the laptop without a backup and you lose the vault. We can't restore it. By design.
Cross-device sync is not transparent. If you want the same vault on two machines, you have to move the encrypted file. We don't do real-time sync. That's a deliberate choice, not a missing feature.
Your device security matters more. Disk encryption, OS account passwords, and physical control of the machine are all part of the threat model now. A cloud-first product would absorb some of that for you.
Your accountant or attorney still needs a different copy. If you share records with professionals, you do that explicitly — by exporting what's needed — not by giving them a login to a shared cloud.

When cloud-first is the right answer

Local-first isn't universally correct. Cloud-first wins when:

You have a team that genuinely needs simultaneous, real-time access to the same records.
You'd rather pay a vendor a recurring fee to handle backups and availability than do it yourself.
Your records are low-sensitivity and the convenience of "always accessible from any device" outweighs the breach exposure.

For solo operators and small holding-company structures running multiple LLCs, the trade-off usually tips the other way. The records are sensitive, the team is small (often one person), and the convenience of cloud sync is worth less than the privacy of "this data isn't on anyone else's machine."

How Vexli implements local-first concretely

Specific architecture choices, not slogans:

Single SQLCipher (AES-256) database file on disk
Field-level AES-256-GCM encryption for sensitive fields on top of the database encryption
No network calls for vault read/write operations
Encrypted backup export with the user's own passphrase
Online check-in is limited to license validation and updates — not vault data

If you want to read more about the privacy posture, the privacy policy is the source of truth, and our about page walks through the principles behind those choices.

Why local-first fits people who handle sensitive business records.