Zero-knowledge encryption: what it actually means when we can't see your data
We literally cannot read your notes. Here's what that implies for you and for us.
When we say zero-knowledge, we mean it: the server never has your password or the key that decrypts your note. Everything is encrypted in your browser before it hits the wire. That’s not marketing—it’s the only way we could sleep at night running a note-taking product.
What the server actually stores
We store ciphertext, a salt, an IV, and key-derivation metadata. No plaintext, no password hashes we could crack. If someone stole our database, they’d get a pile of random-looking bytes. Without your password, those bytes are useless.
Why it matters for you
You don’t have to trust us with the content. You only need to trust that we don’t mess with the crypto (we use the Web Crypto API and standard algorithms) and that we don’t log or exfiltrate your key. We don’t have your key to begin with—it’s derived in your browser and never sent.