Zero-Knowledge Security

We literally cannot
see your data.

Not "won't." Cannot. Your privacy isn't a policy—
it's built into our architecture.

Zero

Access to your data

AES-256

Military-grade encryption

100%

Client-side encrypted

Join Now View Research

How Zero-Knowledge Works

Your data is encrypted on your device before it ever reaches our servers

Step 1: You Create Your Access Code

When you sign up, you create a unique access code. This code becomes your encryption key and never leaves your device unencrypted. We never see it, store it, or have any way to recover it.

Result: Only you have the key to your data. Not us, not anyone.

Step 2: Encryption Happens in Your Browser

Every piece of data—your journal entries, messages, email, name, everything— is encrypted using AES-256 encryption in your browser before being sent to our servers. We use industry-standard cryptography libraries.

Result: By the time data reaches our servers, it's already locked. We only see encrypted gibberish.

Step 3: We Store Encrypted Data

Our servers store your encrypted data in secure databases with additional layers of protection. But even if someone gained access to our database, they would only see encrypted data that's useless without your access code.

Result: Even in a worst-case breach scenario, your personal data remains safe.

Step 4: Decryption Only on Your Device

When you log in with your access code, your browser decrypts the data locally. The decryption happens entirely on your device—never on our servers. This is why your access code is so important.

Result: Only you can read your data. Period.

What We Cannot Access

Because of zero-knowledge encryption, we have no way to see:

Your Personal Information

Your name (encrypted)
Your email address (encrypted)
Your phone number (encrypted)

Your Journal Entries

All journal text and reflections
Mood entries and tags
Photos and media you upload

Your Messages

Messages with your therapist
Care team communications
Any shared content

Your Goals & Progress

Personal goals and milestones
Progress tracking data
Therapist notes and prompts

Important: Save Your Access Code

Because we use zero-knowledge encryption, if you lose your access code, we cannot recover your data. There is no "reset password" option. Store your access code in a secure password manager or write it down in a safe place.

Exceeding Standards

Beyond HIPAA Compliance

HIPAA is just the baseline. We go further.

HIPAA Compliance

We meet all HIPAA requirements for protected health information (PHI), including administrative, physical, and technical safeguards. Our systems are regularly audited for compliance.

Zero-Knowledge Architecture

We go beyond HIPAA by implementing zero-knowledge encryption. Even if legally compelled to provide data, we physically cannot decrypt your personal information—because we don't have the keys.

Infrastructure Security

Our infrastructure includes: encrypted data at rest and in transit, multi-factor authentication, regular security audits, intrusion detection systems, and DDoS protection.

Transparent Practices

We believe in transparency. Our security documentation is public, we conduct regular third-party audits, and we're open about our practices. Trust through transparency.

Technical Implementation

For the technically curious

Encryption Standards & Protocols

Encryption Algorithm

AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)

Key Derivation

PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations

Transport Security

TLS 1.3 with perfect forward secrecy

Cryptography Library

Web Crypto API (native browser implementation)

Additional Security Measures

Secure random number generation for all cryptographic operations
Content Security Policy (CSP) headers to prevent XSS attacks
Subresource Integrity (SRI) for all external resources
Regular penetration testing and security audits
Automated vulnerability scanning and dependency updates

Your data. Your control. Always.

Experience mental health care built on a foundation of privacy and trust.