Skip to main content

The Device Model

GLYPH treats every device as an independent participant — a property that gives the platform its zero-trust security and that adds a dimension to admin work.

Why devices matter

Every time a user logs in from a new phone, laptop, or browser, that device is authenticated and added to their personal device list. The device gets its own cryptographic identity. From that moment on, every group the user is in makes an independent decision about whether that specific device can decrypt content.

The practical consequence: you don't add people to groups, you add device-membership pairs. A user with three devices in ten groups = potentially thirty separate trust decisions. Most of the time you'll add all of a member's devices to a group at once and never think about it again — but the model is per-device, and that surfaces whenever something interesting happens (lost phone, departed employee, hardware refresh).

Devices are authenticated individually

A user with a laptop, phone, and tablet = three trust decisions, not one. Each device gets its own keys and is added to a group independently.

How devices get into a group depends on the group's visibility:

  • In Open groups, members can join on their own and add their own devices without admin involvement.
  • In Private groups, an Owner or Manager has to add the member (with at least one device) first. After that, the member can add their own additional devices.

When a user gets a new phone, that phone is a brand-new entity that has to be added to every group it needs. Manage devices as carefully as members.

Removing one device leaves the others intact

Removing a single device from a member's list (or having an admin remove a device from a group) doesn't affect the user's other devices. The user can still read and post from any device that's still authorized.

This works both ways — losing a phone doesn't lock a user out of GLYPH if they have other devices, and removing a single compromised device doesn't punish the rest of the user's setup.

Deleting the app or clearing browser data wipes the device

GLYPH stores a device's content and encryption keys locally on that device. Deleting the GLYPH app — or clearing browser data for GLYPH on a web device — erases all of it. There's no recovery: GLYPH treats a wiped device as gone, and the user has to set up a fresh device from scratch and re-join every group it needs.

Worth knowing for troubleshooting: reinstalling the app or clearing browser cache to "fix" something effectively starts that device over. Re-add the fresh device to its groups afterward.

What this means for admins

  • Treat new hardware as new membership. When a member gets a new phone or laptop, it isn't automatically in any group — re-add it everywhere it needs to participate.
  • Use device removal for lost/stolen reports. Removing the device from the user's list cuts that device off from every group it was in, without touching the user's other devices.
  • Promote good device hygiene. Remove old devices when replacing hardware. Members should keep their own device list curated; verify directly on critical groups rather than waiting.
  • Don't over-rotate. Members benefit from having multiple devices on important groups — losing one (or wiping one to troubleshoot) doesn't lock them out.

See Account Roles for the workspace-level powers that govern device management.