WHY SHELTER IS OFFLINE-FIRST

When the power goes out, your internet goes with it. Mobile networks become congested or fail entirely within hours of a major incident — exactly when you need reliable information the most. Building a preparedness app that requires a server connection would be building it on the wrong foundation.

Every feature in Shelter works on airplane mode. Your kit checklist, your family emergency plan, your encrypted document vault, your scenario training — all of it runs entirely on your device. There is no "sync required" prompt, no degraded mode, no spinner waiting for a server response. The app you see on a Tuesday afternoon at home is the same app you get at 2 a.m. during a power outage.

This is a deliberate architectural choice, not a technical compromise. All business logic lives in shelter-core, a Rust library compiled directly into the app. Your data never leaves your device unless you explicitly choose to export it. There is no account to log into, no cloud to reach, and no third-party service whose availability you depend on. The only network the app ever uses is one you choose to make: an optional, future sync feature for households who want it.

The side effect of offline-first is privacy-first. Data that never travels cannot be intercepted, subpoenaed, or leaked in a breach. Your family's meeting points, your children's names, your stored identity documents — they stay on your device, encrypted with a key that only you hold. This is not a compliance checkbox. It is the only architecture that makes sense for the information people store in a preparedness app.