What we hold, and how.
Your entries are encrypted at rest using a key derived from a per-user salt and our server secret. We use the standard pgcrypto pgp_sym_encrypt primitive. In plain language: even a stolen copy of our database does not let anyone read your Sundays without also stealing the encryption key from a separate place.
This is not a paranoia feature. It’s a way of saying out loud, on the record, that your words are yours.
One honest caveat: if you are a member, the optional full-archive search needs to index plaintext to find things quickly. That index lives alongside the encrypted bodies. Free members search post-decryption and are unaffected.
We do not analyse your entries to improve a model, sell ads, or feed a feed. We do not have a feed. There is no analytics on what you write — only on whether the email arrived. You can export everything as JSON at any time and delete your account in one click.
The promise is more useful than the lock. But the lock is here too.