security

The encryption story, in detail.

On This Day uses end-to-end encryption built on libsodium. The keys that decrypt your entries never leave your device unencrypted. The server only ever sees ciphertext.

The keys

At sign-up, your browser generates a random thirty-two byte master encryption key (MEK). The MEK is wrapped twice and stored on the server as ciphertext:

  • Under your password. Argon2id derives a key-encryption key from your password and a per-user salt. The MEK is sealed under that key with libsodium secretbox.
  • Under a recovery phrase. A second twenty-four word recovery phrase (BIP39) is generated and shown to you once. The MEK is also sealed under a key derived from that phrase.

Either path can unlock the journal. If you lose your password, the recovery phrase still works. If you lose both, the data is gone forever, by design. There is no “forgot password” e-mail link that secretly weakens the model.

Per-entry keys

Each daily entry has its own data encryption key (DEK), randomly generated at write time. The DEK encrypts the entry payload; the MEK then wraps the DEK. This per-entry layer means cryptographic delete is just removing a single wrapped key: the ciphertext is unreadable from that moment, even to us.
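
The key hierarchy from "The keys" and "Per-entry keys", as an added sketch that is not On This Day's own code. To run on plain Node it swaps in scrypt for Argon2id and ChaCha20-Poly1305 for libsodium secretbox; all function names, the shared salt and the treatment of the recovery phrase as an opaque string are assumptions.

```javascript
// Added example: Node built-ins stand in for the libsodium calls the page names.
const nodeCrypto = require('node:crypto');

// Stand-in for secretbox: ChaCha20-Poly1305, output = nonce(12) | tag(16) | body.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, box) {
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', key, box.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// Stand-in for Argon2id: scrypt over the secret and a per-user salt (salt reuse is an assumption).
const deriveKek = (secret, salt) => nodeCrypto.scryptSync(secret, salt, 32);

// Sign-up: one random 32-byte MEK, wrapped once per unlock path. Only the returned values are uploaded.
function signUp(password, recoveryPhrase) {
  const mek = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  return {
    salt,
    wrappedByPassword: seal(deriveKek(password, salt), mek),
    wrappedByPhrase: seal(deriveKek(recoveryPhrase, salt), mek),
  };
}

// Either secret re-derives its KEK and unwraps the same MEK on the device.
const unlock = (secret, salt, wrappedMek) => open(deriveKek(secret, salt), wrappedMek);

// Write: a fresh DEK per entry encrypts the text; the MEK wraps the DEK.
function writeEntry(mek, text) {
  const dek = nodeCrypto.randomBytes(32);
  return { ciphertext: seal(dek, Buffer.from(text, 'utf8')), wrappedDek: seal(mek, dek) };
}

function readEntry(mek, entry) {
  if (!entry.wrappedDek) throw new Error('entry key deleted');
  return open(open(mek, entry.wrappedDek), entry.ciphertext).toString('utf8');
}

// Cryptographic delete: drop the wrapped DEK; leftover ciphertext has no key that opens it.
function cryptoDelete(entry) { entry.wrappedDek = null; }
```

After `cryptoDelete`, the entry's ciphertext can still exist in storage or backups, but holding the MEK no longer helps, because the only copy of the DEK was the wrapped one.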

Authentication

Passwords are stored as bcrypt hashes (cost 12). Sessions are carried in httpOnly cookies as JWTs signed with HS256, validated on every request. PostgreSQL row-level security policies enforce per-user isolation as a second line of defence.

What the server sees

The server can read your mood, the dates you logged, the dropdown answers, the names of any hashtags, and any location coordinates you attached. That is the metadata that powers the visualisations.

The server cannot read the text of your entries, your long-form writing, or (when photos arrive) your photos. These are sealed with keys it has never seen.

Recovery phrase

Write it down. Store it somewhere safe. It is the only fallback, and we cannot show it to you again. This is a deliberate constraint: a recovery phrase you can ask us for is one we can be compelled to surrender.

Disclosure

If you find a security issue, please tell us: security@onthisday.app. Responsible disclosure appreciated.