kindmind
← All posts
·5 min read

Why Most Journal Apps Get Encryption Wrong

Almost every journal app on the market says your data is “encrypted.” They put a little lock icon on their website. Maybe they mention AES-256. And most people see that and think: great, my private thoughts are safe. But the word “encrypted” is doing a lot of heavy lifting, and in most cases, it's hiding something important.

Three kinds of encryption (and only one truly protects you)

Encryption in transitmeans your data is protected while it travels from your phone to the server. This is just HTTPS, the same thing your bank and every other website uses. It stops someone on the same coffee shop Wi-Fi from intercepting your data mid-flight. It's table stakes. It's not special. Every website you visit already does this.

Encryption at restmeans your data is encrypted while sitting on the company's server. Sounds good, right? The problem: the company holds the encryption keys. Think of it like a hotel safe. Your stuff is locked up, sure. But the hotel has a master key. If they get hacked, if an employee goes rogue, if a government issues a subpoena, your “encrypted” data can be decrypted and read.

Zero-knowledge (end-to-end) encryption is fundamentally different. Your data is encrypted on your device, before it ever leaves your phone or computer, using a key derived from your password. The company never sees the key. They never see your unencrypted data. They cannotread your journal entries, even if they wanted to. Even if a court ordered them to. They literally don't have the ability.

The password reset test

Here's the simplest way to tell if a service truly uses zero-knowledge encryption. Ask yourself: if I forget my password, can the company reset it and give me back my data?

If the answer is yes, they can read your data. Full stop. A password reset means the company has access to your encryption keys (or never encrypted your data with your password in the first place). They may not be reading your journal today. But they could. And so could anyone who compromises their systems.

With true zero-knowledge encryption, forgetting your password means losing access to your data. That sounds scary, and it is a real tradeoff. But it's the onlyarchitecture where “private” actually means private.

Why this matters for a journal

You might think: I'm not a spy. Who cares if some server admin could theoretically read my entries? Consider what you write in a journal. Your fears. Your relationship struggles. Things you haven't told anyone. Thoughts about your boss, your partner, your health. This is the most sensitive data you produce. It's more personal than your bank records.

Data breaches happen constantly. In 2023 alone, over 3,200 data breaches were reported in the United States, according to the Identity Theft Resource Center. When a fitness app leaks your workout data, it's annoying. When a journal app leaks your innermost thoughts, it's devastating.

What to look for

Before trusting any app with your private writing, ask these questions:

  • Is encryption happening on my device before data is sent to the server?
  • Does the company ever have access to my encryption keys?
  • What happens if I forget my password? (If they can recover your data, they can read it.)
  • Is the encryption approach documented transparently?

KindMind uses zero-knowledge encryption. Your journal entries are encrypted on your device with a key derived from your password. We never see your data, and we couldn't read it even if we tried. That's not a marketing line. It's the architecture.

Ready to start?

Try it free

14-day free trial · No credit card required