When you save something here, it doesn’t get stored in plain form. Instead, your content is scrambled using a secret code called a Data Key. Scrambling, or encryption, is a bit like multiplying two very large numbers together: it’s easy to do, but without the right key, reversing it is practically impossible. To anyone without the key, your files just look like random noise.
That Data Key is itself locked away. When you first join, you choose a master passphrase. Your browser uses some heavy-duty math (Argon2id) to turn that passphrase into a strong key, and with it, it wraps up the Data Key into a sealed package. We only keep the sealed package. Without your passphrase, the Data Key — and therefore your data — stays locked forever.
There are actually two keys in play. One is a lightweight “upload token” your phone keeps, which lets you drop new items in quickly. The other is your master passphrase, which is required to actually read anything back. That way you could share the ability to contribute without giving anyone access to your private content.
On your device, you don’t have to type the passphrase every time. After the first unlock, your phone’s secure chip creates its own credential tied to Face ID or Touch ID. With that in place, your device can re-unlock your Data Key on demand, while your passphrase itself never leaves your hands.
Even if someone were to copy our database or storage, what they’d find are only ciphertexts — scrambled blobs — and sealed keys. Without your passphrase or your device, those blobs can’t be turned back into photos, notes, or links. The math that protects you here — AES, XChaCha, Argon2 — is the same class of cryptography used to secure banking and private messaging.
In short: we hold your data, but not the keys. Only you can ever unlock it.