Self-discovery, self-love, personal growth.

How our encryption works

Every KindMind app shares one vault design: zero-knowledge encryption. That phrase has a precise meaning. Your words are sealed on your device with keys only you hold, so we serve you without ever being able to read you. Here is exactly how.

  1. 1

    Your password becomes a key

    On your device, your password is run through PBKDF2-SHA256 with 600,000 iterations and a random salt. The result is a key that never leaves your browser. We never see your password, and we never see this key.

  2. 2

    Your words are sealed before they travel

    Everything you write is encrypted on your device with AES-256-GCM, using a fresh random IV every single time you save. Only the sealed ciphertext is sent to our servers.

  3. 3

    The master key stays yours

    Your content is encrypted with a master key, and that master key is itself wrapped (AES-KW) by your password-derived key. We store only the wrapped version. Unwrapping it requires your password, which only you have.

  4. 4

    Recovery without a back door

    Your recovery key IS your master key, exported for you to write down when you sign up. If you lose your password, the recovery key restores access. If you lose both, nobody can unlock your words. Not even us. That's the deal, and it's the point.

  5. 5

    AI without exposure

    Conversations with your guide are decrypted on your device and relayed through a stateless edge proxy, which runs an automated safety check before the message reaches the AI. Plaintext never touches our application servers and is never stored. If the check flags a concern, a category-level record comes to us, never your words. If it flags a serious concern, the proxy also skips the AI reply and sends back a fixed supportive message with crisis resources instead. What comes back is sealed again on your device before it is saved.

What this means in practice

We cannot see

  • Your journal entries
  • Your reflections and chats with your guide
  • Your list titles and items
  • Your check-in answers
  • Your display name

We can see

  • Your account email and billing status
  • That encrypted records exist, and when
  • Anonymous usage events (never content)
  • Category-level safety records when the safety check flags a conversation, or content-free error records when the check fails (categories only, never content)

The same promise holds in every app we make. No sibling ever ships with weaker privacy than the journal.

Questions about any of this?

We love talking about it. Really!

hello@kindmind.com