How Ecoscope Desktop Stores Data

Ecoscope Desktop stores data locally on your computer so that workflows can run without requiring cloud processing. To protect sensitive information, the application uses your operating system’s secure storage system to encrypt credentials and other sensitive configuration data.

This approach ensures that credentials are never stored as plain text on disk while still allowing workflows to access the data sources they need.

Encrypted Data

Sensitive information stored by Ecoscope Desktop is encrypted using the secure storage system provided by your operating system (such as the macOS Keychain or equivalent credential manager).

The following information is stored in encrypted form:

  • Data source credentials (for example, EarthRanger usernames and passwords)
  • Service account credentials used for integrations such as Google Earth Engine
  • Confirmation that the End User License Agreement (EULA) has been accepted

These credentials and information remain encrypted while stored on disk and are only decrypted temporarily into memory while Ecoscope Desktop is running. At no point are the unencrypted values of these pieces of data stored at rest on your disk.

How Credentials Are Used

When a workflow runs, Ecoscope Desktop decrypts the required credentials in memory so it can access the configured data source.

Once the application is closed, credentials remain encrypted on disk and are not accessible without the operating system’s secure storage permissions.

This process ensures that sensitive information is protected even though workflows are executed locally.

Data That Is Not Encrypted

Some files created or used by Ecoscope Desktop are not encrypted because they are intended for direct access and analysis.

These include:

  • Workflow templates
  • Workflow outputs and generated results (such as HTML dashboards or data files)

These files are stored locally so users can review, export, and share the results of their workflows.

Important Behavior

Ecoscope Desktop does not validate data source credentials during the configuration step. If credentials or configuration parameters are incorrect, errors will appear only when a workflow is executed.

When this happens, the workflow will show a Failed status and the error details can be reviewed in the workflow logs and metadata panel.