Notes are encrypted before they leave your device. The server stores only the encrypted result. A database breach exposes nothing readable.
Security level: Maximum
🔒
Private: only you
Encrypted on your device with a key derived from your account. Sign in on any phone and access restores automatically. Nobody else can read it.
👥
Group: members only
Encrypted with a group key that every member computes locally. No key is transmitted. Nobody outside the group can read it.
🌐
Public: mutual contacts
Visible to all contacts who share at least one group with you and the subject. Not encrypted; these notes are intentionally readable across the group.
🛡️
Local storage encrypted
All local data is encrypted with a random key stored in the device keystore: Android Keystore or iOS Keychain.
🔐
Tokens in OS Keystore
Auth tokens (JWT) are stored exclusively in the OS Keystore / Keychain, not in SharedPreferences or on disk.
📡
HTTPS + Certificate Pinning
All traffic is TLS-encrypted. The app pins the server certificate and rejects MITM attempts, including corporate proxies.
How the encryption works
Private and group notes are encrypted before they leave your device. The server stores only the encrypted result and cannot read your data. A full database dump exposes nothing useful.