Privacy-First Design: How We Built End-to-End Encryption
A deep dive into our encryption architecture and why we believe your thoughts should remain truly private.
When we set out to build Whimsical Whim, we made a foundational decision: your reflections would be truly private. Not "private but we can see them if needed" - truly, mathematically private.
Why End-to-End Encryption?
Your Thoughts Are Sacred
Journals have historically been private spaces. The act of honest reflection requires safety - knowing that no one will read your words unless you choose to share them. Digital journaling should offer the same protection.
Zero Trust
We designed our system so that you do not have to trust us. Even if our servers were compromised, even if we were compelled by authorities, we could not reveal your reflections. We simply do not have the keys.
Our Technical Approach
Key Derivation
Your encryption key is derived from your password using Argon2id, a memory-hard key derivation function. This means the key never exists on our servers - it is created on your device from your password.
XChaCha20-Poly1305
We use XChaCha20-Poly1305 for encryption. This modern cipher provides both confidentiality (no one can read your data) and integrity (no one can modify your data without detection).
Key Recovery
We offer an optional recovery key that you can store safely. This allows you to recover your data if you forget your password. The recovery key is also encrypted and stored locally - we never see it.
The Tradeoffs
We Cannot Help You Recover
If you lose your password and have not set up recovery, your data is gone. This is the price of true privacy. We encourage users to set up recovery options carefully.
No Server-Side Search
Because we cannot read your content, we cannot offer server-side search. Search happens on your device, which may be slower but keeps your data private.
Trust Requirements Shift
Instead of trusting us with your data, you must trust our code. We plan to open-source our encryption implementation for community review.
Why This Matters
In an age of data breaches and surveillance capitalism, we believe privacy is a fundamental right. Your inner thoughts - your hopes, fears, struggles, and dreams - deserve protection.
We built Whimsical Whim to be a sanctuary. A place where you can be fully honest because you know, with mathematical certainty, that your words are for your eyes only.
The Whimsical Team
Building technology that honors natural rhythms.