SEALED FROM THE START
Mental health data is among the most sensitive information a person can share. A diary entry written during a depressive episode, a pattern of sleepless nights, a record of difficult conversations — this is not data that should sit on someone else's server in readable form. We designed the architecture of this product around that belief before we wrote a line of code.
When you store something in the app, your device encrypts it before sending it anywhere. Think of it like sealing a letter before putting it in the post — we handle the envelope, but we cannot open it. The key to that lock never leaves your device.
When you choose to run an analysis, a copy of just that data is temporarily decrypted on a dedicated processing server. It is never written to disk — it exists only briefly in memory. We see an envelope go out, an envelope come back. We do not see what is inside.
We are implementing a two-tier encryption model:
Storage layer — client-side encryption
Your master key is derived from your password on your device using a standard key derivation function. It is never transmitted to our servers. Account recovery works through a recovery phrase that also wraps the master key — no server-side key.
Analysis layer — ephemeral per-job key exchange
When you trigger an analysis, your device negotiates a separate, single-use symmetric key with the analysis worker. The worker decrypts the data in memory, runs the analysis, and re-encrypts the result. The job key is never stored. A breach of our database reveals only ciphertext no one can read.
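The storage layer above, sketched as an added example that is not the product's own code: one master key is wrapped twice, once under the password and once under the recovery phrase, and the server keeps only the wrapped blobs. The page names no KDF or cipher, so scrypt, AES-256-GCM, the random master key, and all function and field names here are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed parameters: scrypt and AES-256-GCM stand in for the unnamed "standard" primitives.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key-encryption key (KEK) from a password or recovery phrase.
function deriveKek(secret, salt) {
  return nodeCrypto.scryptSync(secret.normalize('NFKC'), salt, 32, SCRYPT);
}

// Wrap the master key under a secret. The label is bound as AAD so a
// "recovery" blob cannot be passed off as the "password" blob.
function wrapKey(masterKey, secret, label) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKek(secret, salt), iv);
  cipher.setAAD(Buffer.from(label));
  const ct = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  return { label, salt, iv, ct, tag: cipher.getAuthTag() };
}

// Unwrap on the device. Returns null when the secret is wrong or the blob was altered.
function unwrapKey(blob, secret) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKek(secret, blob.salt), blob.iv);
  decipher.setAAD(Buffer.from(blob.label));
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  } catch {
    return null;
  }
}

// Account setup: the master key exists in the clear only on the device;
// serverRecord is everything the server would store.
function createAccount(password, recoveryPhrase) {
  const masterKey = nodeCrypto.randomBytes(32);
  const serverRecord = {
    byPassword: wrapKey(masterKey, password, 'password'),
    byRecovery: wrapKey(masterKey, recoveryPhrase, 'recovery'),
  };
  return { masterKey, serverRecord };
}
```

With this layout a password change only rewraps the master key; the stored data itself is not re-encrypted.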
We do not call this zero-knowledge, because that would not be accurate. What we can claim is zero-knowledge storage at rest and minimal-exposure, ephemeral processing for analysis. We think honesty about this distinction matters.
This is our target architecture. Parts of it are in active development, and we will update this page as each layer ships. We are also researching Trusted Execution Environments — hardware-level secure enclaves — for the analysis worker. We will not claim we have achieved something until we have.
Privacy is not just a technical decision for us — it is a value. If you want to understand the principles that guide how we build and how we work, read about our ideology.