End-to-End Encryption

πŸ”

End-to-End Encryption

Protect your text data with strong encryption. When enabled, your entries,

notes
, and tasks are encrypted on your device before syncing. Only you can decrypt and read your data.

What's Protected

πŸ”’

Text Data (Encrypted)

Fully Protected
☁️

Media Files (Not Encrypted)

Standard Cloud Storage
  • βœ“Photos and images
  • βœ“File attachments
  • βœ“Stored directly in your Google Drive/iCloud
  • βœ“Journal it! backend has no access
  • βœ“Uses cloud provider's standard security

How It Works

πŸ”‘
1

Create Passphrase

You create a strong passphrase that only you know

πŸ“±
2

Local Encryption

Data is encrypted on your device before leaving

☁️
3

Secure Sync

Encrypted data syncs to cloud - unreadable to anyone else

Even we can't read your encrypted data. Only your passphrase can decrypt it.

Technical Detail: Journal it! uses two-layer security. Your passphrase encrypts/decrypts an encryption key, which in turn encrypts/decrypts your data. The encryption key never leaves your device.

Setting Up Encryption

Enable End-to-End Encryption

  1. βœ“

    Go to Settings β†’ Security

    Find the security section in your app settings

  2. βœ“

    Tap 'Enable End-to-End Encryption'

    Start the encryption setup process

  3. βœ“

    Create a strong passphrase

    Use a memorable but secure passphrase (12+ characters recommended)

  4. βœ“

    Confirm your passphrase

    Re-enter to ensure you've typed it correctly

  5. βœ“

    Tap 'Encrypt All'

    Initiate the encryption process for your existing data

  6. βœ“

    Write down your passphrase

    Store it in a secure place - you'll need it to access your data

  7. βœ“

    Wait for encryption to complete

    Your existing data will be encrypted (may take a few moments)

Success! Your text data is now end-to-end encrypted. You'll need your passphrase when signing in on new devices.

Critical Information

⚠️Important Warnings

  • β€’
    Limited recovery options: If you forget your passphrase, recovery options are limited. You can set a new passphrase on any device where the app is still working, or enter 'export' when prompted to save local data. Without access to any device with cached data, encrypted data cannot be recovered.
  • β€’
    Write it down: Store your passphrase in a secure physical location. Don't rely only on memory.
  • β€’
    We cannot help: Support cannot recover your passphrase or decrypt your data. This is by design for your security.

Frequently Asked Questions

What happens if I forget my passphrase?

There are limited recovery options: 1) If you have the app working on another device, you can set a new passphrase there. 2) If you don't have another device but have local data, enter 'export' when prompted for the passphrase to be redirected to Settings where you can export your local data to PDF or ZIP. 3) If there's no working device and no local data, unfortunately your encrypted data cannot be recovered. Store your passphrase securely to avoid this situation.

Can I change my passphrase?

Yes, you can change your passphrase in Settings β†’ Security. When you change your passphrase, only the passphrase that protects your encryption key is updated - your actual data encryption remains unchanged. This is because Journal it! uses a two-layer security model: your passphrase encrypts the encryption key, and that key encrypts your data.

Does encryption affect sync speed?

There's a small performance impact as data needs to be encrypted/decrypted. This is mostly noticeable during the first sync on a new device for accounts with large amounts of data. For day-to-day use, the impact is minimal. The security benefit far outweighs the speed difference.

Why aren't media files encrypted?

Media files (photos, videos, attachments) are NOT end-to-end encrypted. They're stored directly in your Google Drive or iCloud account using their standard security. This approach allows for better performance, unlimited storage, and direct access to your files. Journal it!'s backend never has access to these files - they go directly between your device and your cloud storage.

Do I need to enter my passphrase often?

You'll need to enter it when signing in on a new device or after signing out. Once entered, the device securely caches the encryption key (not the passphrase itself), so you don't need to enter your passphrase every time you open the app.

What happens to my encryption if I change devices?

Your encrypted data remains secure across all devices. When you sign in on a new device with your passphrase, the app retrieves your encryption key (which is itself encrypted with your passphrase) and uses it to decrypt your data locally. The actual encryption of your data never changes.

Are exported ZIP files encrypted?

No, exported ZIP files are NOT encrypted. End-to-end encryption protects your data on our backend servers, but when you export data to ZIP or PDF, it's decrypted for local use. Handle exported files with care and store them securely, as they contain your unencrypted journal data.

Best Practices

πŸ’ͺ

Strong Passphrase

Use a passphrase with 12+ characters, mixing words, numbers, and symbols. Consider using a memorable sentence.

πŸ“

Physical Backup

Write your passphrase on paper and store it in a secure location like a safe or safety deposit box.

πŸ”

Password Manager

Consider storing your passphrase in a reputable password manager as a backup method.

🚫

Never Share

Don't share your passphrase with anyone, including support. We will never ask for it.

βŒπŸ•ΈοΈ