Recovery Phrase Done Right — How Jottii Hands You Real Ownership
Most apps tell you your data is yours. Then they hold the keys, and "yours" turns out to mean "available to you, conditionally, while we're around and you're in good standing."
Jottii's recovery phrase is the architecture's commitment to actually meaning it. The catch is that real ownership is also real responsibility. Here's how the model works, why we made the call, and how to use it without losing your data.
The problem the recovery phrase solves
In a zero-knowledge app, the master key — the thing that decrypts your entries — must never reach the company's servers. (See Zero-Knowledge Architecture, Without the Jargon.)
That creates a tension: if the master key is on your device, what happens when you sign in on a new device? Or when you wipe your phone? Or when you forget your password?
A bad answer: "We'll keep a copy of the key for you." This is what most "secure" cloud apps do. It looks user-friendly. It also means the company can decrypt your data, breaking the zero-knowledge promise.
The right answer: "We give you the key. You keep it. You bring it to new devices yourself."
That's the recovery phrase. It's a copy of the master key, encoded as a string, that you save somewhere outside Jottii. When you sign in on a new device, you paste it in, and the new device gets the same key as your old one.
If you lose the recovery phrase and lose access to all your existing devices, the data is gone. We say that loudly. It's the proof the system works.
What the recovery phrase actually is
In Jottii's current implementation, the recovery phrase is a base64-encoded copy of the 32-byte master key, presented as a single string. It looks like a long random sequence — not human-readable, not a memorable word list.
We considered using a BIP39-style word list (the kind crypto wallets use), and we may move to it for a v2 — words are more human-readable and easier to write down without typos. The cryptographic content is the same: 256 bits of randomness. The encoding is the user-experience layer.
The signup flow, in detail
When you create a Jottii account:
- Your device generates 32 random bytes — your master key.
- The key is stored in iOS Keychain or Android Keystore via expo-secure-store. Never transmitted.
- You're shown the recovery phrase on screen — once. We strongly suggest copying it to a password manager.
- We do not save the phrase. There is no "send to email" option, no "show me later" button. If you skip this step, you can re-generate it from your device while signed in, but if you lose your device first, you've lost the key.
- You're asked to confirm you've saved it before continuing.
The friction here is intentional. Users sometimes complain about it. We take the complaints, and we don't change it, because the alternative is keeping a copy ourselves, and that's the thing we're explicitly not doing.
Adding a new device
When you sign in on a second device:
- You sign in with your account credentials (email or OAuth).
- The device asks for your recovery phrase.
- You paste it. The phrase decodes to the master key, which gets stored in the new device's keychain.
- From this point on, the new device has the same key as the old one and can decrypt all your entries.
The recovery phrase is needed exactly once per device. After that, the local keychain handles ongoing access.
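The encode and decode steps from the signup and new-device flows above, as an added example (not Jottii's own code). It runs under Node.js, the function names are hypothetical, and Node's Web Crypto stands in for the device's random source.

```javascript
// Added example (not Jottii's code); function names are hypothetical. Runs under Node.js.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const KEY_BYTES = 32; // 256-bit master key, per the article

// Signup: generate the key on-device. Nothing here touches the network.
function generateMasterKey() {
  return webcrypto.getRandomValues(new Uint8Array(KEY_BYTES));
}

// 32 bytes always encode to 43 base64 characters plus one "=" of padding.
function encodeRecoveryPhrase(key) {
  if (key.length !== KEY_BYTES) throw new Error("master key must be 32 bytes");
  return Buffer.from(key).toString("base64");
}

// New device: turn pasted text back into the key, or report why it was refused.
function decodeRecoveryPhrase(pasted) {
  // Copy/paste and password managers often add spaces or line breaks.
  const phrase = String(pasted).replace(/\s+/g, "");
  // Buffer.from(x, "base64") silently skips invalid characters, so check the
  // exact shape first instead of trusting the decoder to fail.
  if (!/^[A-Za-z0-9+/]{43}=$/.test(phrase)) {
    return { ok: false, reason: "expected 44 base64 characters ending in '='" };
  }
  const key = new Uint8Array(Buffer.from(phrase, "base64"));
  // Re-encode and compare: rejects a final character with stray low bits set,
  // which would otherwise decode to the same key as a different string.
  if (key.length !== KEY_BYTES || encodeRecoveryPhrase(key) !== phrase) {
    return { ok: false, reason: "non-canonical encoding" };
  }
  return { ok: true, key };
}

// Constructed sample: the bytes 0x00..0x1f, never a real key.
const SAMPLE_PHRASE = encodeRecoveryPhrase(Uint8Array.from({ length: KEY_BYTES }, (_, i) => i));
```

Because the phrase is the raw key with no checksum, a mistyped character that is still valid base64 decodes to a different 32-byte key without any error. The decoded key is only confirmed once it decrypts an existing entry.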
Losing access — what happens
Three scenarios:
You forget your password but still have a signed-in device. Easy. Reset the password through normal flows. The master key is on the device, untouched by the password reset.
You lose all your devices but have the recovery phrase. Sign in on a new device, paste the recovery phrase. Your encrypted entries are still on our servers; the new device can decrypt them.
You lose all your devices and the recovery phrase. Your entries are gone. We can't help. We don't have the key. No one does.
The third case is the price of real privacy. We try to make it as unlikely as possible by being loud about saving the phrase, but we don't reduce its consequence by silently keeping a backup. That backup would be the thing that breaks the architecture.
How to store the phrase safely
The recovery phrase is the most sensitive secret in your Jottii life. Treat it accordingly.
Recommended:
- Save it in a password manager (1Password, Bitwarden, KeePass, iCloud Keychain). The password manager itself is presumably backed up.
- Print a copy and keep it in a physical safe or a sealed envelope in a place you trust.
- For high-sensitivity users: split the phrase across two locations using a simple secret-sharing scheme (write half on each of two paper copies, separately stored).
Not recommended:
- A note on your phone that syncs to a cloud you don't control the encryption of.
- An email to yourself.
- A photo of the phrase on your camera roll (which probably backs up to a cloud).
- A Slack DM to yourself.
These are all places where the phrase is, in principle, accessible to a third party. Good for convenience, bad for the threat model.
The philosophical bit
A recurring critique: "this is too hard for normal users." We hear it. We disagree, mostly.
The framing of "too hard" assumes the alternative — companies holding keys for users — is the floor. It is the floor for most apps and we think the floor is too low. The bar for a journal — for the place you write things you wouldn't say out loud — should be that you, not a company, are in charge of access.
That bar requires you to take one minute at signup to save a string. Once saved, it doesn't bother you again unless you lose every device. For 99% of users, that "every device" event never happens. For the 1% it does, the phrase is the difference between having your journal back and not.
It's a small price for a large guarantee. We think privacy-first users are willing to pay it, and the user reports back this up.
The broader pattern
Recovery phrases are common in cryptocurrency wallets, where the same trade-off exists: you own the key, you bear the consequence. Cryptocurrency users have lost billions to lost phrases. They've also retained access to billions through correct phrase storage. The model works when users take it seriously.
A journal isn't a Bitcoin wallet, but the trust model is similar. Real ownership means real responsibility. The recovery phrase is the artifact of that ownership.
If this model fits your view of how a private app should work, Jottii is built around exactly this — and saving the recovery phrase is the only complicated thing you'll be asked to do.