It’s pretty simple:
-
Logging in retrieves a copy of your encrypted vault data from the cloud, stores the encrypted data file (
data.json
) in persistent storage on your device (e.g., on your hard drive), and automatically proceeds to unlock your vault. -
Unlocking reads the
data.json
file, decrypts its contents, and stores the decrypted vault data in the memory of your device. -
Locking clears the (decrypted) vault data from the memory of your device, but leaves the encrypted
data.json
file in persistent storage on your device. -
Logging out clears the memory of your device (same as locking), but also purges the encrypted contents of the
data.json
file. Thus, your device no longer contains any vault data, either encrypted or decrypted, neither in memory nor on disk.
The majority of users stay logged in all the time, and just lock their vaults when not in use.