No password recovery isn't a bug—here's why we can't help if you forget
If you lose the password, the note is gone. That’s not a design oversight; it’s the only way zero-knowledge can work.
We get asked “what if I forget my password?” more than almost anything else. The answer is: we can’t recover the note. We don’t store your password or any key. The only place the key ever existed was in your browser at the moment you decrypted. Once you close the tab or clear state, we have no way to recreate it.
Why we don’t offer “reset via email”
Any recovery flow would require us to be able to decrypt your data—or to have stored something that lets us or you derive the key. The moment we have that, we’re no longer zero-knowledge. So the only safe design is: you are the only source of the password. Write it down, use a password manager, or accept that losing it means losing the note.
What we do instead
We make the “Secure This Note” and “Password Required” flows clear. We don’t hide the fact that there’s no recovery. And we support changing the password from inside the editor so you can rotate it or fix a typo without creating a new note.