What End-to-End Encryption Actually Means for Your Journal

When a journal app says it's "private" or "secure," that almost never means what you think it means. Most apps encrypt your data in transit (HTTPS, the lock icon in your browser) and at rest (your data sits encrypted on a server disk). Both are good. Neither prevents the company from reading your entries whenever they want.

End-to-end encryption (E2EE) is different. With true E2EE, your words are encrypted on your device, before they ever reach the network. The server stores opaque blobs. The keys to read those blobs live on your device, in your operating system's secure enclave — never with the provider.

This post explains what that actually looks like, why "zero-knowledge" is a stronger claim than "encrypted," and how to tell whether your journal app is one or the other.

The three places your data can be encrypted

  1. In transit. Data is encrypted between your device and the server, then decrypted on arrival. TLS/HTTPS is the standard. Every reputable app does this.
  2. At rest. The server stores data encrypted on disk. The company holds the key. If law enforcement, a rogue employee, or a breach gets that key, your data is readable.
  3. End-to-end. Data is encrypted on your device with a key the server never sees. The server stores ciphertext it cannot decrypt. Even an insider with full database access sees gibberish.

If a marketing page says "encrypted" without specifying which of these three it means, assume it's #1 and #2. That's the floor, not the ceiling.

What "zero-knowledge" adds

Zero-knowledge means the server can verify you're the right user without ever learning your password, your master key, or the contents of your data. The most common pattern:

If the server is compromised tomorrow, the attacker walks away with ciphertext and a list of dates. Your actual journal entries stay private.

The metadata trap

E2EE protects content. It doesn't always protect metadata — the fact that you wrote on April 12 at 11:47pm, the size of the entry, who you shared it with. A truly privacy-respecting app minimizes the metadata it collects in the first place. Ask:

For a journal, the safest answer to all three is "no, or as little as possible."

How to audit a journal app's privacy claims in five minutes

  1. Read the security section of their docs. Look for the words "end-to-end," "zero-knowledge," and a named cipher (AES-256, XChaCha20-Poly1305, NaCl secretbox). Vague phrases like "bank-level encryption" mean nothing.
  2. Find the key-management section. If it doesn't explain where your master key lives and how recovery works, the app probably holds it.
  3. Check if password resets restore your data. If yes, the company has your data. True E2EE makes recovery painful by design — usually a one-time recovery phrase you saved at signup. That's a feature.
  4. Look for a third-party audit. Bonus points for an open-source client that anyone can inspect.
  5. Check the threat model. A serious app states what it does not protect against (a compromised device, a screenshot, a coerced unlock). Honesty is a signal.

What Jottii does

Jottii uses NaCl secretbox (XSalsa20-Poly1305, authenticated symmetric encryption). Your master key is a 32-byte random value generated on your device. It's stored in the iOS Keychain or Android Keystore, never transmitted. Every entry is encrypted on-device before sync. The server stores ciphertext and minimal metadata: an entry ID, a date, and timestamps for sorting.
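
The on-device model described above, sketched as an added example (this is not Jottii's code). It assumes AES-256-GCM from Node's built-in `crypto` module as a stand-in for NaCl secretbox, which is not in the standard library; the record field names, the entry IDs, the sample date and the use of the entry ID as associated data are assumptions of this example.

```javascript
// Added example, not Jottii's code: AES-256-GCM from Node's crypto stands in for secretbox.
const crypto = require('crypto');

// Client: the master key is 32 random bytes generated on the device and never sent.
const generateMasterKey = () => crypto.randomBytes(32);

// Client: encrypt one entry. The returned record is everything the server stores.
function encryptEntry(masterKey, entryId, date, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh per entry, never reused under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, nonce);
  cipher.setAAD(Buffer.from(entryId, 'utf8')); // assumption: bind ciphertext to its entry ID
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    entryId, date, updatedAt: Date.now(), // metadata the server can read
    nonce: nonce.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Client: decrypt a fetched record. Throws if the key is wrong or if the
// ciphertext, tag, or entry ID changed after encryption.
function decryptEntry(masterKey, record) {
  const nonce = Buffer.from(record.nonce, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, nonce);
  decipher.setAAD(Buffer.from(record.entryId, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const body = Buffer.from(record.ciphertext, 'base64');
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// True if the record decrypts and authenticates under this key.
function canRead(key, record) {
  try { decryptEntry(key, record); return true; } catch { return false; }
}

// Constructed sample data: one entry, a stolen database row, and a relabelled row.
function demo() {
  const key = generateMasterKey();
  const record = encryptEntry(key, 'entry-001', '2024-04-12', 'Constructed sample entry text.');
  return {
    serverRecord: record, // what a database dump exposes
    ownerReads: decryptEntry(key, record),
    wrongKeyReads: canRead(crypto.randomBytes(32), record),
    relabelledReads: canRead(key, { ...record, entryId: 'entry-002' }),
  };
}
console.log(demo());
```
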

If we lose our database tomorrow, your journal stays unreadable. If you lose your recovery phrase, we can't help you — and that's the trade you make for real privacy. Most companies won't make that trade because it raises support costs. We think it's the only honest model for a journal.

The bottom line

Encryption is a spectrum. "We encrypt your data" tells you almost nothing. "End-to-end encrypted with keys stored only on your device" tells you everything. When you pick a journal — or any app where your raw thoughts live — push past the marketing and read the security docs. The good ones are short, specific, and a little uncomfortable.

If you want a journal built on this model from day one, try Jottii. It's privacy-first by design, not by retrofit.