Until now, syncing your Claspt vault required Google Drive or a Git remote. You had to configure credentials, pick a sync folder, and manage conflicts yourself. Today, Pro+ users get something simpler — Claspt Cloud Sync. One click, one OTP, and your encrypted vault lives on every device you own.
What Cloud Sync Does
Your encrypted vault syncs across all your devices automatically. Work laptop, home desktop, personal machine — always in sync, always encrypted. You make a change on one device, and it appears on the others within seconds. No manual export, no file copying, no thinking about which machine has the latest version.
Cloud Sync is available on the Pro+ plan. If you are on the free tier or Pro, everything else still works the same — Google Drive and Git sync remain fully supported. Cloud Sync is an additional option for people who want the least friction possible.
Setup Takes 30 Seconds
There is no exaggeration in that number. Here is the full process:
- Go to Settings > Sync > Enable Cloud Sync
- Verify via email OTP
- Done — your vault uploads to Claspt's servers
No app restart needed. The sync engine initializes lazily and works immediately after verification. Your vault encrypts locally, uploads in the background, and starts listening for changes from other devices. The entire flow happens without leaving the settings panel.
The BYOS Model — Google Drive Sync
BYOS stands for Bring Your Own Storage. Instead of storing your vault on Claspt's servers, you connect your own Google Drive account (personal or Workspace). Claspt syncs your vault data to a folder in your Drive. This is the sync option included with the Pro plan.
Why Google Drive? Because you already pay for it, you control it, and you can see exactly what files are stored there. If you ever stop using Claspt, your sync folder is still in your Drive — no data held hostage.
What Gets Synced
- Markdown files — your pages, with plaintext notes and encrypted secret blocks
- Vault metadata — folder structure, tags, page ordering
- Version history — Git commits are included in the sync bundle
- Encrypted vault key — the
vault.keyfile (encrypted with your master password via Argon2id)
What Google Drive Sees
Google sees your markdown files, which contain plaintext notes and opaque encrypted blobs where secret blocks are. Google can read your page titles, folder names, and non-secret content. Google cannot read any encrypted secret block — those are AES-256-GCM encrypted before they leave your device.
If you want Google to see nothing at all, use full-page encryption on sensitive pages. Fully encrypted pages appear as a single encrypted blob — Google sees no readable content.
How It Works Under the Hood
Cloud Sync is built on a few principles that matter if you care about where your data goes and who can read it.
Your vault is encrypted locally with your master password before anything leaves your machine. The encrypted payload is stored on Claspt's servers. The server never has the decryption key. It stores ciphertext and nothing else.
Sync happens automatically in both directions. When you save a change, the encrypted vault pushes to Claspt's servers. When another device detects a new version, it pulls and decrypts locally. There is no polling interval to wait for. Claspt uses WebSocket push, so changes appear on other devices within seconds of saving.
Your device list updates in real-time as well. You can see which machines are connected, when they last synced, and remove a device if you lose it or retire it.
CSYNC1 — The Sync Bundle Format
Claspt packages vault changes into CSYNC1 bundles for sync. A CSYNC1 bundle is a compact, self-describing package that contains:
- Changed files — only files that were modified since the last sync, not the entire vault
- Metadata — timestamps, file paths, and sync sequence numbers
- Conflict detection data — checksums to detect if two devices edited the same page
CSYNC1 bundles are designed to be small and incremental. If you edit one page, the sync bundle contains only that page's changes — not a full vault snapshot. This keeps sync fast even on slow connections.
Restore on a New Device
Cloud Sync also solves the "new machine" problem. Previously, setting up Claspt on a new device meant copying your vault file from another machine, or re-syncing through Google Drive or Git. With Cloud Sync, the process is built in:
- Install Claspt on the new device
- Click the "Restore" tab on the unlock screen
- Enter your Pro+ account email and verify via OTP
- Enter your master password
- Vault syncs from cloud
That is it. Your pages, folders, credentials, and settings come down exactly as they were. No file transfers, no USB drives, no "which folder did I put that in" moments. This is especially useful if your machine dies unexpectedly — your vault is already backed up and encrypted in the cloud.
How It Compares to Google Drive and Git Sync
| Feature | Google Drive / Git (Pro) | Cloud Sync (Pro+) |
|---|---|---|
| Setup | Configure Drive/Git manually | One-click + OTP |
| Real-time push | No (poll-based) | Yes (WebSocket) |
| Restore on new device | Manual file copy | Built-in restore |
| Storage provider | Your own | Claspt servers |
| Price | $4/mo | $8/mo |
Both options are end-to-end encrypted. The encryption happens on your machine before data leaves, regardless of which sync method you use. Choose Google Drive or Git if you want to control exactly where your data lives. Choose Cloud Sync if you want the simplest possible setup with real-time push and built-in restore.
Sync Security Guarantees
Regardless of which sync method you use — Google Drive, Cloud Sync, or self-hosted Git — these guarantees hold:
- Secret blocks are encrypted before leaving the device. The same AES-256-GCM encryption used locally applies to synced data. Neither Google nor Claspt can decrypt your secrets.
- The master key never leaves the device. Your master password and derived encryption key are never transmitted. Each device derives the key locally from your master password.
- Every sync change is Git-committed. Changes arriving via sync are committed to your local Git history, giving you a full audit trail of when data arrived from other devices.
- Conflict resolution is transparent. If two devices edit the same page, Claspt detects the conflict and shows both versions in a merge viewer (Pro). You choose which changes to keep.
There is no key escrow. There is no recovery backdoor. If you forget your master password, we cannot recover your vault — that is a feature, not a limitation. The encryption scheme is the same one Claspt uses for local vault storage. Cloud Sync does not introduce a new trust boundary.
Who Should Use This
If you use Claspt on more than one machine and you do not want to think about sync, Cloud Sync is for you. It removes every manual step from the process. Set it up once, and forget it exists until you need to restore on a new device.
If you are already happy with Google Drive or Git sync, there is no pressure to switch. Those options are not going anywhere. Cloud Sync is an additional path for people who value simplicity over control of the storage layer.
Sync vs. Self-Hosted Git
The free tier does not include built-in sync, but you can use self-hosted Git sync by pushing your vault's Git repo to a remote. This is a manual, developer-friendly approach that gives you full control.
Pro sync (Google Drive) is for users who want automatic, set-and-forget sync without managing Git remotes. Pro+ (hosted storage + WebSocket) is for users who want instant sync without bringing their own storage.
All three approaches — Git sync, Google Drive, and hosted storage — share the same fundamental security property: secret blocks are encrypted at rest, and the encryption key never leaves your devices.
Try Cloud Sync
Available now on the Pro+ plan. Your vault, encrypted, on every device.
See Pro+ Plans