
Threat model basics: who can't read your note (and who could)

Zero-knowledge protects you from us and from server compromise. It doesn’t protect you from everything.

Inkrypt · Security Insights

We design the system so that neither we nor an attacker holding our database can read your note without your password. We don’t log plaintext or keys. So whether the server is malicious or compromised, our data is subpoenaed, or the database leaks, the note stays encrypted.

What we don’t protect against

  • Someone who has your password (phishing, shoulder surf, keylogger, or you shared it).
  • Someone with access to your unlocked device or browser session.
  • Malware on your machine that reads memory or clipboard.
  • A compromised or malicious browser extension.
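
An added sketch, not Inkrypt's code, of the guarantee and its limit described above: the server stores only the sealed record, and whoever holds the password can open it. The page does not name Inkrypt's primitives; scrypt and AES-256-GCM from Node's built-in `crypto` module, the function names and the sample values are assumptions.

```javascript
// Added illustration; not Inkrypt's implementation.
// Assumed primitives: scrypt (key derivation) and AES-256-GCM (encryption).
const crypto = require('crypto');

// Client side: derive a key from the password and encrypt the note.
// Only the returned record is ever sent to the server.
function sealNote(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Client side: re-derive the key and decrypt. Returns null when the
// password is wrong or the record was modified (GCM tag check fails).
function openNote(password, record) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = crypto.scryptSync(password, b(record.salt), 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(record.iv));
  decipher.setAuthTag(b(record.tag));
  try {
    return Buffer.concat([decipher.update(b(record.ct)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// What a server operator, a subpoena or a DB leak yields: the record only.
function serverView(record) {
  return JSON.stringify(record);
}

// Constructed sample values.
const password = 'correct horse battery staple';
const record = sealNote(password, 'door code is 4921');
console.log(serverView(record));            // salt, iv, tag, ciphertext; no key
console.log(openNote('guess123', record));  // wrong password: null
console.log(openNote(password, record));    // password holder reads the note
```

The last line is the limit the list above describes: the record gives the server nothing to decrypt with, but the password alone is enough for anyone who obtains it.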

What you can do

Use a strong, unique password. Don’t paste the password into the same channel as the link. Lock your device when you step away. Use a browser you trust and avoid sketchy extensions. Zero-knowledge takes the server out of the trust equation; the rest is up to you.