End-to-End Encryption
Protect your notes with AES-256-GCM encryption. Your data stays private, even from us.
How It Works
Yooz Notes uses zero-knowledge encryption. This means:
- You set a master password - Only you know it
- We derive a key - Using PBKDF2 with 600,000 iterations
- Notes are encrypted locally - Before any storage
- We never see your data - Cannot decrypt even if asked
Enabling Encryption
Step 1: Open Settings
Click the gear icon in the sidebar or use the keyboard shortcut.
Step 2: Enable Encryption
- Find the Security section
- Toggle Encrypt Notes to ON
- You'll be prompted to create a master password
Step 3: Set Your Master Password
Choose a strong password:
- Minimum 8 characters (12+ recommended)
- Mix of letters, numbers, and symbols
- Unique (not used elsewhere)
We cannot recover your password. If you forget it, your encrypted notes cannot be recovered without the recovery key.
Step 4: Configure Auto-Lock
Set when notes should automatically lock:
- 1 minute - High security
- 5 minutes - Balanced (recommended)
- 10 minutes - Convenience
- Never - Stay unlocked until manual lock
Recovery Key
Why You Need It
The recovery key is your backup if you forget your password. Without it:
- We cannot reset your password
- Your encrypted notes are permanently inaccessible
- This is by design (zero-knowledge)
Generating Your Recovery Key
- Go to Settings > Security
- Click Generate Recovery Key
- A unique key is displayed (e.g., XXXX-XXXX-XXXX-XXXX)
- Write it down or save securely
Storing Your Recovery Key
- Password manager (1Password, Bitwarden)
- Physical safe
- Bank safety deposit box
- Encrypted note on separate device
Never store it in Yooz Notes itself or unencrypted on your computer.
Using Your Recovery Key
If you forget your password:
- On the lock screen, click Forgot Password?
- Select Use Recovery Key
- Enter your recovery key
- Set a new master password
- Your notes are decrypted with the new password
Security Features
AES-256-GCM
- Industry standard encryption algorithm
- Same encryption used by governments and banks
- 256-bit key length (extremely secure)
- GCM mode provides authentication
PBKDF2 Key Derivation
- Converts your password into encryption key
- 600,000 iterations - Resistant to brute force
- Unique salt per user
- Makes password cracking impractical
Zero-Knowledge Architecture
- Your password never leaves your device
- Encryption happens in your browser
- We store only encrypted blobs
- Cannot comply with data requests (we have nothing)
Using Encrypted Notes
Unlocking Notes
When notes are locked:
- Open Yooz Notes
- Enter your master password
- Click Unlock or press Enter
Locking Notes
Notes lock automatically based on your timer. To lock manually:
- Click the Lock icon in the sidebar
- Or close the browser/tab
Working with Locked Notes
While locked:
- Note titles may be visible (configurable)
- Content is fully encrypted
- Search works on titles only
Best Practices
Password Security
- Use a passphrase - Easier to remember, hard to crack
- Example: correct-horse-battery-staple
- Don't reuse passwords - Unique to Yooz Notes
- Consider a password manager - Generate and store safely
Regular Backups
Even with encryption:
- Export notes periodically
- Store backups securely
- Test recovery process
Security Hygiene
- Enable auto-lock on shared devices
- Lock manually when stepping away
- Keep your recovery key updated
Technical Details
For security researchers and curious users:
| Component | Implementation |
|---|---|
| Algorithm | AES-256-GCM |
| Key Derivation | PBKDF2-SHA256 |
| Iterations | 600,000 |
| Salt | 128-bit, unique per user |
| IV | 96-bit, unique per encryption |
| Auth Tag | 128-bit |
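The parameters in the table above, combined into a working encrypt/decrypt path as an added example (not Yooz Notes source code). It uses Node.js's built-in crypto module in place of the browser; the function names and the iv || tag || ciphertext blob layout are assumptions.

```javascript
// Added illustration, not Yooz Notes source code. Function names and the
// blob layout (iv || tag || ciphertext) are assumptions made for this example.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 600000; // PBKDF2-SHA256 iterations
const SALT_BYTES = 16;     // 128-bit salt, unique per user
const IV_BYTES = 12;       // 96-bit IV, unique per encryption
const TAG_BYTES = 16;      // 128-bit auth tag
const KEY_BYTES = 32;      // AES-256 key

// Master password + per-user salt -> 256-bit key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

// Encrypt one note under a fresh random IV; the IV and tag are stored
// with the ciphertext because both are needed to decrypt.
function encryptNote(key, plaintext) {
  const iv = nodeCrypto.randomBytes(IV_BYTES);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_BYTES });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Returns the plaintext, or null when the tag does not verify
// (wrong password, or a blob modified in storage).
function decryptNote(key, blob) {
  if (blob.length < IV_BYTES + TAG_BYTES) return null;
  const iv = blob.subarray(0, IV_BYTES);
  const tag = blob.subarray(IV_BYTES, IV_BYTES + TAG_BYTES);
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_BYTES });
    d.setAuthTag(tag);
    const pt = Buffer.concat([d.update(blob.subarray(IV_BYTES + TAG_BYTES)), d.final()]);
    return pt.toString('utf8'); // reached only after final() verified the tag
  } catch (err) {
    return null;
  }
}

// Constructed sample data: round trip, wrong password, one flipped bit.
function demo() {
  const salt = nodeCrypto.randomBytes(SALT_BYTES);
  const key = deriveKey('correct-horse-battery-staple', salt);
  const blob = encryptNote(key, 'constructed sample note');
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01;
  return [decryptNote(key, blob), decryptNote(deriveKey('wrong-password', salt), blob), decryptNote(key, tampered)];
}
```

Because GCM authenticates the blob, a wrong password and a modified blob fail the same way: decryption returns nothing rather than garbage.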
What Gets Encrypted
- Note content (full text)
- Note metadata (optional)
- Attachments (when supported)
What's Not Encrypted
- Note titles (configurable)
- Tag names (for filtering)
- Timestamps (for sorting)
Frequently Asked Questions
Can you recover my password?
No. We use zero-knowledge encryption. Your password is never transmitted to or stored on our servers. This is a security feature, not a limitation.
What if I lose my recovery key too?
Unfortunately, your encrypted notes cannot be recovered. This is the trade-off for true privacy. We recommend storing the recovery key in multiple secure locations.
Is encryption optional?
Yes. You can use Yooz Notes without encryption. However, we recommend enabling it for sensitive notes.
Does encryption slow down the app?
Modern devices handle AES-256 encryption very efficiently. You won't notice any performance impact during normal use.
Can I turn off encryption later?
Yes, but you'll need to decrypt all notes first. Go to Settings > Security > Disable Encryption.
Privacy Commitment
Encryption in Yooz Notes isn't just a feature, it's a philosophy. We believe your thoughts belong to you alone. That's why we built encryption that even we cannot break.