What we store on the server (and what we never see)

A transparent look at the exact fields we persist and why we never see your plaintext.

Inkrypt · Security Insights

We’re happy to be explicit about what hits our database. For each note we store: the note slug (from the URL), the ciphertext (encrypted body), the salt (for PBKDF2), the IV (for AES-GCM), and KDF parameters (iteration count, etc.). That’s it. No password, no key, no plaintext.

Why salt and IV are safe to store

Salt and IV are not secret; they are designed to be public. The salt ensures two users with the same password derive different keys. The IV ensures that encrypting the same content twice under the same key does not produce the same ciphertext, provided a fresh IV is generated for every encryption (AES-GCM must never reuse an IV under the same key). An attacker who obtains the salt and IV still cannot decrypt without your password.

What we don’t store

  • Your password, or any hash of it that could be cracked offline.
  • The derived encryption key.
  • Plaintext, or any reversible form of your note.
  • IP addresses or logs that would tie a decrypt action to a specific note (we don’t log note access).