Case Study · Desktop App · Private Software

Mudrashram Ledger

A private, encrypted desktop application for recording and managing client spiritual guidance sessions — built local-first, so sensitive data never leaves the device.

Client
Spiritual teacher, private practice — Miami, FL
Engagement
Custom software, design through delivery
Platform
Native macOS desktop application
Stack
Tauri v2 · Rust · React · TypeScript · SQLCipher · Cloudflare R2
Mudrashram Ledger dashboard showing recent encounters and follow-up tracking

The problem

A spiritual teacher in Miami needed to log and track client sessions, milestones, and follow-ups across a growing private practice. Every off-the-shelf option — CRMs, note apps, practice-management SaaS — required trusting a third-party cloud with deeply personal client records. For this practice, that was a non-starter. The records describe private guidance sessions; confidentiality isn't a feature preference, it's the foundation of the client relationship.

The requirements were unusual and strict: all data stays on the practitioner's own machine, encrypted at rest, with no accounts, no telemetry, and no server anywhere in the architecture — but the tool still had to feel like modern software, not a spreadsheet workaround.

The approach

We designed Mudrashram Ledger as a local-first desktop application. There is no backend. The entire data layer is an AES-256 encrypted SQLite database (SQLCipher) that lives on-device and is unlocked by the practitioner's password. Because there's no server, there's nothing to breach remotely, no subscription dependency, and no vendor who can read the data — including us.

Going local-first creates two hard problems that cloud apps solve for free: what happens if the password is lost, and what happens if the machine dies. We solved the first with an offline recovery key system — a one-time key generated at setup that can reset the password without any server involvement. We solved the second with encrypted backup and restore, including automatic safety snapshots before risky operations like imports.

The build

We chose Tauri v2 with a Rust core over Electron: the installed app is a fraction of the size, uses far less memory, and the security-critical code paths — encryption, file handling, database access — run in Rust rather than JavaScript. The interface is React + TypeScript, which let us ship a polished, responsive UI on the same timeline as the hardened core.

  • Encrypted local database — SQLCipher, AES-256, unlocked per-session
  • Client profiles — with a milestone timeline per client
  • Follow-up dashboard — upcoming and overdue follow-ups at a glance
  • CSV import — with validation and a preview step for historical records
  • Backup & restore — encrypted exports plus automatic safety snapshots
  • Recovery key system — offline password reset, no server required

Secure delivery

Even distribution avoids third parties. The signed installer is stored in Cloudflare R2 and served through a token-gated Cloudflare Worker at a branded download domain. The client receives a branded email with a private, expiring download link — no app store, no public URL, no file-sharing service in the middle.

The outcome

The practitioner now runs the entire practice — session records, milestones, follow-ups, historical imports — in one purpose-built tool, with confidentiality guarantees no cloud product could offer. Delivered as a native app with a secure update path, it costs nothing per month and depends on no one's servers staying up.