Why we encrypt in the browser (and what happens to your password)
Client-side encryption isn’t just a feature—it’s the only way we can promise we never see your data.
Encryption happens in your browser using the Web Crypto API. Your password never leaves your device. We derive a key from it with PBKDF2, use that key for AES-256-GCM, and send only the ciphertext and the public parameters (salt, IV) to the server. The key is discarded after the request.
What “client-side” actually means
It means the critical operations—key derivation and encrypt/decrypt—run in JavaScript in the user’s tab. We don’t have a “secure server” that does crypto for you; that would require sending your password or key to us. So we never see plaintext or keys.
Trade-offs we accepted
We can’t do “forgot password” or “reset via email.” We can’t search your notes on the server. We can’t show you a list of your notes, because that would require a way to authenticate you, and we don’t have one. Those limitations are the direct result of not having your key, and we’re fine with that.