Secure Notes uses a Zero-Knowledge architecture. This means your data is encrypted before it ever leaves your browser or is stored on our server. We do not have access to your keys or your notes.
Industry-standard authenticated encryption ensures your notes are both private and tamper-proof.
Your keys are derived from your Phrase and PIN using 100,000 iterations, making brute-force attacks extremely difficult.
Encryption keys exist only in your session. Once you logout or close your browser, they are gone.
Warning: If you forget your Phrase or PIN, your notes are lost forever. We cannot recover them.
No. Due to our Zero-Knowledge architecture, the encryption key is derived only from your Phrase and PIN, which are never stored on the server. The admin only sees encrypted, unreadable data.
No. AES-GCM encryption requires the exact same key used for encryption. Since your key is uniquely derived from your credentials, no other key—generic or otherwise—can unlock your data.
PBKDF2 is a "key stretching" algorithm. By running 100,000 iterations, we make it computationally expensive for an attacker to try millions of combinations (brute-force). It's like adding a massive time-delay to every incorrect guess a hacker might make.
Because we don't store your keys, there is no "Forgot Password" feature. If you lose your credentials, the data is mathematically impossible to recover.