Private by default.
No DataMoat cloud account. Your vault, transcripts, skills, attachments, and keys stay on-device.
v2.0.1New: skills + sessions + attachments backup.
Your most valuable future asset.
Protect and back up everything you build with Claude, Codex, Cursor, and OpenClaw against known quantum brute-force attacks.
Your prompts, plans, code, decisions, and workflows are becoming your future knowledge capital. DataMoat keeps a protected local copy before that work disappears from tool histories.
On-device by design
Encrypted local vault
Vault keys never sent
SessionsClaude, Codex, Cursor, and OpenClaw work records.
SkillsFull skill folders, file counts, and snapshots.
AttachmentsFiles and media linked back to source sessions.
Signed macOS DMGNotarized Apple Silicon app with Touch ID unlock on supported Macs.
Windows ZIP buildsx64 and ARM64 packages with startup registration after install.
No DataMoat cloudYour vault, transcripts, skills, attachments, and keys stay on-device.
Full folder snapshotsSupported skills are backed up as folder contents, not just names.
No DataMoat cloud account. Your vault stays local.
Windows ZIP + DataMoat.exe packages are full app folders. Unzip the package, keep the folder together, and run Install DataMoat.cmd once to launch DataMoat and register startup for the current Windows user.
Start backing up your AI work today.
DataMoat backs up supported skills + sessions + attachments into the same encrypted local vault. It preserves raw source records intact, saves skills as full folder snapshots, and builds a normalized index for search, export, reuse, handoff, and private AI memory.
Made for work you cannot afford to lose.
Your most valuable future AI data is already disappearing from local app histories, cleanups, and compaction.
Useful for people and companies.
The people and companies that own their AI data will win the future.
DataMoat v2.0.1
Download, unlock, and keep your AI work local.
Get the signed macOS app now, or choose Windows ZIP/source install options from DataMoat release downloads.
Get DataMoat for macOS View all install optionsSupported sources and platforms
Claude CLI
Claude Desktop
Codex CLI
Codex app
OpenClawCursor
macOS
Linux
Why DataMoat exists
Your AI work history is not just history. It is the work-process data your future agents and employees will need: the prompts, context, tool calls, outputs, corrections, decisions, files, logs, attachments, and skills behind finished work.
Private data assets
Those traces are private data assets: what the human asked, what context the agent saw, what tools were called, what files and skills were present, what was corrected, and what eventually worked.
Searchable work history
Search past prompts, solutions, tool output, thinking-token context when present, timestamps, metadata, files, images, PDFs, attachments, and saved skills without depending only on a live service view.
Private by design
Your AI work vault lives on your machine, encrypted at rest. DataMoat does not receive your transcripts, skills, attachments, vault database, search history, or vault keys.
Encrypted recovery
AES-256-GCM vault storage with password-based unlock, optional TOTP, 24-word recovery phrase, one-time codes, local auditability, and Touch ID / Secure Enclave unlock on supported Macs.
AI work interaction data layer
DataMoat records the work behind the answer.
Every AI-assisted task creates interactions between people, agents, files, tools, prompts, outputs, corrections, and decisions. DataMoat turns those interactions into an encrypted private data asset that future agents and employees can search, reuse, audit, and hand off.
That makes DataMoat more than a backup utility. It is the enterprise AI work black box and private knowledge base for the work your people and agents already did.
Black boxReconstruct what happened when an AI-assisted task mattered.
Knowledge baseKeep the process, not only the final answer or commit.
Handoff layerGive future teammates and agents the decisions behind the work.
Private memoryBuild reusable context without sending a vault to DataMoat.
Who solved what?
Keep the work record around incidents, migrations, bugs, product decisions, and repeated workflows so the next person can find the path, not just the outcome.
What did the AI see?
Preserve supported file context, attachments, skills, metadata, local source records, and the surrounding session that shaped the answer.
How did employees prompt?
Save the prompt trail, corrections, constraints, clarifications, and decisions that turned a vague task into a usable result.
Which tools ran?
Capture supported tool calls, command output, errors, timestamps, source metadata, and stable attachments when the source writes them locally.
Which solution shipped?
Keep the evidence around the adopted approach: alternatives discussed, failed paths, final commands, review notes, and the reason the team moved forward.
Can it be reused later?
Make AI work searchable for reuse, audit, incident review, onboarding, project handoff, and private AI memory across Claude, Codex, Cursor, and OpenClaw.
Enterprise AI work black box + private knowledge base.
DataMoat captures supported sessions, skills, attachments, and source records into the same encrypted local vault, preserving the interaction history companies need before it disappears into app-specific history, compaction, cleanup, or machine moves.
What DataMoat does today
DataMoat provides a real local capture, encrypted vault, and review foundation for supported AI work records, skills, and attachments.
Supported local capture
Captures supported local records from Claude CLI, Codex CLI, Codex app sessions, Claude Desktop local-agent sessions on macOS, OpenClaw, and Cursor.
Encrypted vault records
Stores protected content as encrypted vault files instead of plaintext transcript dumps, with transcripts, skills, attachments, state, and source records encrypted at rest.
Sessions and messages
Normalizes supported records into session and message structures with prompts, responses, tool use, tool results, usage, model, timestamps, metadata, and parsed thinking blocks when available.
Skills, attachments, and search
Stores supported image, document, and file attachments plus full SKILL.md folder snapshots, then lets you browse and search captured sessions locally after unlock.
Security architecture
On-device vault. Encrypted work traces. Keys stay local.
DataMoat is designed around local ownership: supported source records, skills, and attachments are captured on your machine, written into AES-256-GCM encrypted vault storage, and searched only after a local unlock. DataMoat does not receive your transcripts, skills, attachments, vault database, search history, or vault keys.
Background capture can keep saving new supported records while the UI remains locked. Reading and searching existing vault content still require an approved unlock path: password, optional TOTP, Touch ID on supported Macs, recovery phrase, or one-time recovery code.
AES-256-GCMAuthenticated vault, state, raw source record, offset, skills, and attachment encryption.
scryptPassword verifier and wrapped vault-key release, with timing-safe comparison.
BIP-3924-word recovery phrase plus one-time recovery codes for local recovery.
capture/writeSupported source records are read from local files and written as encrypted vault records.
raw-firstOriginal source lines are stamped with SHA-256 and encrypted before extraction builds searchable views.
unlock/readPassword, optional TOTP, Touch ID on supported Macs, recovery phrase, or one-time code opens a read/search session.
audit/healthAudit entries are hash-chained for current-log integrity checks; diagnostics redact passwords, tokens, recovery material, and vault keys.
Authenticated encryption, not a plain export folder.
Vault JSONL lines, state files, raw records, and attachments are encrypted at rest with AES-256-GCM using 12-byte nonces and 16-byte authentication tags.
Keys are wrapped; passwords are not stored.
Normal unlock uses scrypt-derived material and stores verifiers or wrapped-key records instead of a plaintext password or plaintext vault key.
Recovery stays local.
The 24-word phrase and one-time codes are local recovery paths. DataMoat stores hashed or wrapped recovery material, not the phrase or codes as readable text.
Capture and reading have separate boundaries.
A background capture session can write new encrypted data and encrypted offset state while the UI stays locked; reading, searching, and display remain behind local unlock.
Raw-first storage preserves what the source wrote.
DataMoat saves encrypted raw source records before extractor logic decides what to show, so future extractors can rebuild richer views from the protected copy.
Hash-chained audit checks and redacted diagnostics.
datamoat audit verify detects changed or broken entries in the current on-disk audit log. It is not a remote notarization service or deletion-proof ledger. Health/crash records redact secret-like values including tokens, mnemonics, recovery codes, passwords, and vault keys.
Future brute-force resistance
Why DataMoat can resist known GPU and quantum attacks today.
A DataMoat recovery phrase uses the BIP-39 24-word format, which encodes 256 bits of entropy plus checksum bits. That phrase is a human-backup path for releasing the vault key locally; DataMoat does not store the phrase as readable text.
The vault itself is sealed with AES-256-GCM. NIST treats AES-256 as the 256-bit symmetric-key security-strength baseline, and its post-quantum guidance says known quantum brute-force techniques such as Grover-style search do not currently turn high-strength symmetric encryption into a practical break. In plain English: today, the realistic risk is losing or exposing your recovery phrase, not someone GPU-guessing or quantum-cracking a properly generated 24-word phrase and AES-256 vault.
24-word BIP-39 recovery phrase
local unlock / key release
AES-256-GCM authenticated vault
resists known quantum brute force
Raw-first vault
Capture the source record first. Improve the extractor later.
AI tools change their local formats quickly. DataMoat's raw-first path keeps an encrypted copy of the source record before transforming it into a searchable session, which reduces the risk of losing context when a parser gets better later.
local source record
SHA-256 content stamp
AES-256-GCM vault line
searchable local view
Protection model
A local vault should make each boundary visible: what gets read from supported source files, what is written encrypted, what requires human unlock, and what DataMoat never receives.
Local capture boundary
Supported AI tool records are read from local files. Raw source lines are content-stamped before extraction builds a searchable view.
source line -> sha256
Authenticated vault write
Vault lines, raw records, offsets, session state, skills, and attachments are encrypted with AES-256-GCM before they become the protected copy.
nonce(12) + tag(16) + ciphertext
Human-controlled unlock
Password, optional TOTP, 24-word recovery phrase, one-time recovery code, or Touch ID on supported Macs opens read/search.
scrypt verifier + wrapped key
Local-only search session
Existing vault content is decrypted only after local unlock. Browse and search happen through the local app, and DataMoat does not receive your vault, search history, or keys.
read session -> local UI
source record
hash stamp
AES-GCM seal
encrypted vault
The moving line represents the write boundary: plaintext source record in memory, authenticated encrypted record at rest.
AES-256-GCMVault, raw, state, skills, attachments
scryptPassword verifier and wrapped key
Optional TOTPSecond factor for unlock
24-word recoveryBIP-39 local recovery
One-time codesStored as hashed recovery material
Touch IDSupported Macs only
Tamper-evident audit log - verify current local integrity with datamoat audit verify
Supported sources
Claude CLI
Full local transcript capture, including locally written thinking blocks when present.
Codex CLI
Terminal sessions, transcript text, tool output, timestamps, metadata, and stable attachments.
Codex app
Supported local app sessions, tool output, metadata, and stable image attachments.
Claude Desktop
Supported local-agent sessions on macOS when the desktop app writes them to disk.
OpenClaw
Supported local OpenClaw transcripts plus provider, model, and cost metadata when present.
Cursor
Readable local agent-transcripts JSONL records, including text and tool blocks when present.
Attachments
Encrypted image and supported file/PDF blocks, linked back to their source sessions.
Skills folders
Global and project SKILL.md folder snapshots, including helper files, not just skill names.
Commands for programmers
datamoat
$ datamoat
Open the DataMoat UI.
datamoat status
$ datamoat status
Check vault and system status.
Vault: Locked Items: 3,246 Vault: Encrypted Encryption: AES-256-GCM
datamoat scan
$ datamoat scan
Scan for new data to capture.
Sources scanned: 3 New items: 54 Attachments: 6 Duration: 1.23s
datamoat audit verify
$ datamoat audit verify
Verify the current audit log integrity. Without an external checkpoint, this does not prove the local log was never deleted, truncated, or fully rewritten.
Entries: 1,842 Status: Verified All good.
datamoat update check
$ datamoat update check
Check for a newer DataMoat release.
Current: v2.0.1 Status: Up to date
For individuals and teams
Private AI memory
Keep the work-process context your own future agents and employees can use: prompts, decisions, corrections, files, skills, attachments, and results.
Team continuity
Keep AI-assisted work reviewable across people, projects, machines, and clients without losing the process behind finished work.
Company-owned AI data
Protect the private data asset that can later support private memory, evals, handoff, workflow analytics, or company-specific review under your rules.
Protect your AI work. Own the private data asset.
Download DataMoat v2.0.1 and start backing up supported sessions, skills, and attachments before they disappear.
Download links verify the newest macOS and Windows assets from DataMoat release downloads.
Get DataMoat for macOS
macOS DMGLinux sourceWindows ZIP + DataMoat.exe
FAQ
Is my AI work ever uploaded to DataMoat?No. Your vault stays on your machine; DataMoat does not receive your work history or keys.
The landing page may call the DataMoat release manifest to keep the download button current, but DataMoat does not receive your prompts, transcripts, tool output, files, skills, attachments, vault database, vault keys, or search history.
How is my private data asset used?DataMoat protects the asset first; you decide how it is used later.
DataMoat captures and encrypts supported local work traces first. Any later use for private memory, evaluation, handoff, or workflow review depends on your permissions, policies, and choices.
How does it save work before compaction or cleanup?A local watcher processes new source records as they are written and stores them into the encrypted vault.
For supported sources, DataMoat watches local transcript files and tracks byte offsets so new records can be captured quickly before compaction, retention cleanup, app format changes, device loss, or server moves make the original history harder to recover.
What exactly is captured today?Supported sessions, skills, and attachments from Claude, Codex, Cursor, OpenClaw, and local agent records.
DataMoat preserves supported local transcript text, prompts, responses, tool output, timestamps, source metadata, stable image attachments, supported file/PDF blocks, full SKILL.md folder snapshots, and locally stored thinking tokens or reasoning blocks when the source application writes that content to disk.
What are the source-service boundaries?DataMoat captures supported local records already present on your device and accessible to you.
DataMoat does not grant additional rights to source-service content. You remain responsible for the terms, policies, plan restrictions, internal rules, permissions, and laws that apply to Claude, Codex, OpenClaw, Cursor, and any other source service you use.
Why are Claude CLI and Codex CLI/app reasoning records different?Claude CLI can write full local thinking blocks; Codex CLI/app often writes metadata without raw reasoning text.
DataMoat preserves what is locally available. Claude CLI local session records can include full thinking text, while newer Codex CLI/app records often keep reasoning content unavailable or encrypted by the source app, so DataMoat preserves transcript, tool output, timestamps, metadata, and attachments instead.
What makes it safer than a normal export folder?The saved copy is encrypted, searchable after unlock, versioned, and backed by a hash-chained local audit log.
A plaintext export is easy to leak, modify, lose, or misread later. DataMoat keeps the protected vault as the source of truth, encrypts raw records, state, offsets, and attachment blobs, and lets you verify the current hash-chained audit log with datamoat audit verify. The local audit chain is tamper-evident, not deletion-proof without an external checkpoint.
What if somebody copies my DataMoat folder?They get encrypted vault files, not readable transcripts.
Vault records, skills, attachments, offsets, and session index state are encrypted at rest with AES-256-GCM. Passwords are stored as scrypt verifiers, not plaintext, and the UI still requires an approved unlock path before old records can be read or searched.
How do password, TOTP, Touch ID, and recovery fit together?Password and optional TOTP protect normal unlock; recovery material exists for account recovery.
Source installs support password, optional TOTP, a 24-word BIP-39 recovery phrase, and one-time recovery codes. The packaged macOS app adds Touch ID and Secure Enclave-backed daily unlock on supported Macs.
What happens if I forget my password or lose my authenticator?Use the 24-word recovery phrase or one of the one-time recovery codes.
Recovery is designed so you can regain access without storing your password in plaintext. Recovery material is shown locally during setup and should be kept offline by the human user.
Can Claude CLI, Codex CLI, Codex app, or OpenClaw install it for me?They can start the install, but final setup should happen on the protected desktop.
An AI agent can download the macOS DMG or Windows ZIP, start DataMoat, and begin the remote no-screen capture flow. Password setup, TOTP enrollment, Touch ID, the 24-word phrase, and recovery codes should be completed by the human user on the machine being protected, not relayed through chat screenshots or remote messages.
Will the download button find the latest version?Yes. It shows the current version number and checks the DataMoat release manifest for the newest assets.
The page starts with v2.0.1 in the HTML and then asks downloads.datamoat.org for the current latest release manifest. If the manifest is unavailable, the buttons keep using first-party download routes and GitHub remains only the archive fallback.
Is DataMoat open source?The repository is source-available under BUSL-1.1 with an Additional Use Grant.
Personal use and internal company use are allowed by the grant. It is not an OSI-approved open source license, so production, resale, hosting, or other uses outside the grant should be checked against LICENSE.md.