Identity, on your terms
Account
One sign-in for every program. Tokens stay encrypted on your machine. Your AI Tutor conversations, library state, and chat cache never leave the launcher without an explicit choice.
What it actually does
- One sign-in across every program
- Tokens stay encrypted on your machine
- Per-channel notification controls
- Federated handles alongside your Eternia identity
Surfaces
Account overlay
Top-right account menu.
Settings
About / Security / Preferences / Notifications / Privacy.
Public profile
Native + federated.
Tier display
Reflects your relationship.
Data export
In flightRequest your data.
How sign-in works
One sign-in for every program. Tokens stay encrypted on your machine.
- You click Sign In in the launcher.
- Your browser opens; Keycloak shows the login form.
- You authenticate (password, 2FA, whatever your IdP requires).
- The token comes back to a local-only callback URL on your machine.
- The launcher stores it in flutter_secure_storage (DPAPI on Windows).
- You're signed in. Every program — Library, Chat, Marketplace, Education — uses the same token.
Auth routing lives in the AppShell, separate from feature code. That separation means a feature bug can't accidentally leak your auth state.
Privacy posture
Three lists, no hedging. Verified against the launcher brain on 2026-05-18.
What Eternia stores
- Account state
- Entitlement ownership
- Federation handles
- Opt-in analytics (off by default)
What stays on your machine
- Chat cache (AES-GCM-256 encrypted)
- AI Tutor conversations (BYOK)
- Library install state
- Outbox queue
What we never see
- Your AI provider conversations
- Your password (Keycloak hashes it)
- Your AI provider key
Data export & account deletion
Plain copy on how to request your data and how to close your account.
Data export is in active work — once it ships, you'll be able to request a copy of everything Eternia holds about you (account state, entitlements, federation handles, opt-in analytics). The chat cache and AI Tutor conversations are already on your machine; you can copy them by hand if you want them out today.
Account closure is available. The flow is destructive and gates behind a typed confirmation; once closed, your federated handles disengage and your entitlement state is archived per the legal record.
For developers and publishers
Audience #3 — read the security model.
The full security posture lives on /platform/security.