Engineering

Securing Sensitive User Health Data: AES-256 Offline Encryption in Flutter & Isar

PR

Pavlo Rubanovskyi

June 20, 2026 · 9 min read

Securing Sensitive User Health Data: AES-256 Offline Encryption in Flutter & Isar

Privacy-First Mobile Architecture

In health and wellness tracking, privacy is not a feature — it is a prerequisite. When we designed Kvit (Квіт), our period and pregnancy tracker, we committed to a local-first, privacy-first architecture. User logs, weight tracker data, and pregnancy progress are stored securely on the user's device, out of reach of third parties.

Here is how we implemented maximum security using Flutter, secure storage, and Isar Database.

Encrypting the Local Database

Isar is an incredibly fast NoSQL database for Flutter. It natively supports AES-256 encryption. However, the database is only as secure as its encryption key.

Our key management flow: 1. On first startup, the app generates a cryptographically secure 256-bit key using the crypto library. 2. This key is saved in the device's secure hardware store using flutter_secure_storage (Keychain on iOS, Keystore on Android). 3. Every time the app initializes, it retrieves the key and opens the encrypted Isar instance.

`dart final secureKey = await secureStorage.read(key: 'isar_key'); final dir = await getApplicationDocumentsDirectory(); final isar = await Isar.open( [AppSettingsSchema, PeriodRecordSchema, DailyLogSchema], directory: dir.path, encryptionKey: secureKeyBytes, ); `

Maximum Security PIN & Biometrics

For users requiring extra privacy, Kvit offers a "Maximum Security" mode:

  • Enforces a 4-digit PIN lock on startup.
  • The PIN is hashed using SHA-256 with a unique salt, with 10,000 iterations to prevent brute-force attacks.
  • We integrate local_auth for fast biometric access (FaceID/TouchID/Fingerprint) as a secure shortcut to decrypting the vault.

Offline-First Sync

Because Kvit is offline-ready, all data validation, cycle prediction, and week calculations happen locally on-device. If the user chooses to enable community features (like anonymous posting), the data is synced via Supabase Edge Functions using encrypted payload tokens. This ensures that even in transit, data cannot be intercepted or linked to a real user identity.

Start a project

Liked this?
Let's build together.

Response within 24h · NDA Ready · Full Code Ownership