Sign in Subscribe

Profile Snapshots

Last updated on 
Profile Snapshots

This replaces the Profile Backup (Cloud) KB article.

Snapshots make a periodic backup of a Profile to the cloud.

You can restore a Profile from a Snapshot at any time to recover groups, apps, tabs, bookmarks, settings etc. Snapshots can also be used to setup Wavebox on another computer.

Snapshots are automatically created every 24 hours and are stored securely in your cloud account. Snapshots can be disabled in Settings.

Snapshots Overview

  • Automatically enabled for new and existing users from January 19th 2026.
  • Snapshots replace Profile Sync for backing up a Profile to the cloud. (Profile Sync is still used to sync a Profile on multiple computers).
  • There are separate Snapshots for each Profile.
  • Snapshots are stored securely and fully encrypted in the cloud (see section below).
  • A new Snapshot is created approximately every 24 hours.
  • You can manually create a new Snapshot at anytime.
  • Snapshots can be managed from Settings > General Tab > Data & Sync.
  • Snapshots can be disabled at any time.
  • You can restore any Profile Snapshot from any computer that's signed-in with the same Wavebox account.

What's Included in Snapshots?

  • Settings
  • Groups, Apps, Tabs, Saved Items
  • Bookmarks
  • Extensions
  • Smart Notes
  • Brainbox
  • Dashboards and widgets
  • Desktop Web Apps
  • ⚠️ Passwords (existing users — see note below).

Managing Snapshots

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. You can check when the last snapshot was created.
  3. You can select [Manage] for more actions.

Enable/Disable Passwords

  1. Passwords are included in snapshots for new users.
  2. Go to Settings > General Tab > Data & Sync > Snapshots
  3. Select [Manage]
  4. Look for "Password Backup" and toggle ON/OFF.

⚠️ Enabling Passwords

To include passwords in Snapshots, all existing users must manually enable them by re-authenticating their Wavebox login email.

To do this:

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. Look for "Password backup turned off" and click on Fix.
  3. Follow the steps to verify your login email.
  4. Passwords are then included in your Snapshots.

Manually Create a New Snapshot

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. Select [Create Snapshot]

View all Snapshots

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. Select [Manage]
  3. Look for "Available Snapshots for this Profile" at the bottom of the window to see snapshots for the Profile you are using on that computer.
  4. Click on [View all Snapshots]
  5. The All Snapshots window displays a list of snapshots from all your computers.
  6. Legacy Backups: At the bottom of the list are your older Profile backups, where available. These will be retired eventually.

Restore a Snapshot

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. Select [Restore Snapshot]
  3. In the All Snapshots window, find the snapshot you want to restore from.
  4. Click on the 🕣 Timer icon for that Snapshot.
  5. ⚠️ Check the Restore Prompt carefully and click on [Restore Snapshot] to continue.
  6. Wavebox will restart, opening the restored Profile.
  7. Note that any other Profiles will also shutdown. Reopen them manually using the Profile icon top-right.

Enable/Disable Snapshots

  1. Go to Settings > General Tab > Data & Sync > Snapshots
  2. Select [Manage]
  3. Look for "Automatic Snapshots", and toggle ON/OFF.

Snapshot Encryption

Wavebox encrypts your snapshot data using keys derived directly from your login credentials—whether you sign-in with Google, Microsoft, or email and password. This approach means encryption keys are never stored on our servers; they're generated on-demand each time you authenticate. The result is a zero-knowledge architecture where only you can access your encrypted data, while still allowing seamless recovery simply by signing back in. Here's how it works under the hood.

Deterministic Key Derivation 

Wavebox uses HKDF (HMAC-based Key Derivation Function) to derive encryption keys from either your Google OAuth, Microsoft OAuth or Email/Password. 

The Cryptography

We use AES-256 for symmetric encryption with the derived key. The key is only stored on the client (your computer) so there is no access server-side to sensitive information. 

Key Properties 

  • Deterministic: Same credentials → same key (enables re-authentication to recover the key).
  • No key storage: Keys are derived on-demand, eliminating key database compromise risk.
  • Provider isolation: Salt includes provider name so Google and Microsoft keys are cryptographically independent.
  • 256-bit AES key: Produces a 32-byte key suitable for AES-256 encryption. 

The Flow 

OAuth/Login → Extract ID (sub/oid/password) → HKDF → WebSocket broadcast → Desktop client. 

After authentication, the server broadcasts the derived key to the client's WebSocket channel. The client uses this to encrypt/decrypt snapshot data locally. 

Security Considerations 

  • No sensitive data stored server-side: Keys are never persisted.
  • Password change = new key: Users changing passwords get a different encryption key (old snapshots won't decrypt with new key).
  • Transport security: Keys only sent to authenticated client channel over WSS.
Profile Sync
Profile Sync keeps your Wavebox setup, apps, and data updated across multiple computers in real time—perfect for seamless, consistent browsing anywhere.
Wavebox HUBSusan Davies
Profile Sync: Tab Restore
When using Wavebox on multiple computers, you can restore open tabs from one to another using the tabs from other devices feature. This helps you pick up where you left off and continue browsing seamlessly on different computers. Profile Sync must be enabled to use this feature. Tabs do not
Wavebox HUBSusan Davies