Security

A truly secure and private app was one of the main foundations of our app. We take this seriously, so our app is secure by default.

Security by default

Whenever you're using a free or premium version, notes stay private, and their content is visible only to you.

If you're using a free version, notes stay saved in your browser's local storage. They're not sent anywhere, and they work offline.

More than that, they can be read only by our app.

Safe cloud copy of your notes

To get the note synchronization across all your devices, we need to store them somewhere. But we don't keep them in plain text, silly!

Instead, we're using your password to create a unique encryption key. This one is used to encrypt and decrypt your notes, and it's also happening on your local machine.

The encryption flow

When you log in to the app or set up your account password, we create an encryption key out of it, and we store it in your browser for later use. It works like a super-secure, long, random(ish) password to your notes. We also display it to you, and you should treat it as a password. Store it somewhere else, like a password manager for later use.

If you forgot your primary password, this encryption key would be the only way to decrypt your notes. If you lost it, you'd need a quantum computer to see your notes again. Which is not going to happen in a couple of years, sorry.

On our servers, we keep only an encrypted version of your primary password and hashes of your notes. You keep the secret sauce, and no one else can read your notes. Not even us.

What happens when you change your password? We decrypt all your notes with your old password and encrypt them again with a new one. Easy.

Note hash example

If your note's content is this:

This is what we store in our database:

And only we know the key 😈

If you have any questions on how MadNotes work, drop by our Community and ask away!