Create a Codeword

Think of any memorable word or phrase. This is your encryption key. Only people who know this codeword can access your notes.

Enter the Vault

Click "Open" to enter your encrypted vault. Your browser generates a unique encryption key from your codeword using PBKDF2.

Type & Share

Type your notes, paste images, or upload files. Everything is encrypted using AES-256-GCM on your device. Changes auto-save every 2 seconds.

Share the Codeword

Send your codeword to others via any channel (email, messaging, in-person). They enter the same codeword and see your notes in real-time.

🔬 Under the Hood

Client-Side Encryption
Your codeword never leaves your browser. AES-256-GCM encryption happens entirely on your device using Web Crypto API.

Key Derivation (PBKDF2)
Your codeword is transformed into a 256-bit key using PBKDF2 with 600,000 iterations and a random salt. This makes guessing virtually impossible.

Server-Side Storage
The server stores only the encrypted data (salt, IV, ciphertext) indexed by a SHA-256 hash of the codeword for lookup.

Real-Time Sync
WebSocket broadcasts encrypted updates to all clients watching the same vault. The server never decrypts your data.

No Backdoors
We can't read your notes. We can't force decryption. We can't see your codeword. Your privacy is by design.

Zero-Knowledge Proof
We prove data ownership without seeing plaintext. Only clients with the correct codeword can decrypt.

❓ Frequently Asked Questions

Is my data really encrypted?

Yes. Everything is encrypted with AES-256-GCM before leaving your browser. The server never has access to your codeword or plaintext. We physically cannot decrypt your data.

What if I forget my codeword?

There's no "forgot password" recovery. Your codeword is your encryption key. If you forget it, your vault is permanently inaccessible (by design—this is security). Write it down or use a password manager.

Can someone guess my codeword?

Theoretically yes, but with 600,000 PBKDF2 iterations, a brute-force attack would take centuries. Use a strong, unique codeword (e.g., "BlueMountainVibes2026Jan17") instead of simple words.

How long are vaults stored?

Indefinitely, unless you manually delete the vault. We don't have a retention policy. Your encrypted data stays on our servers until you delete it.

Can EncodeNote read my notes?

No. We have zero knowledge of your plaintext. Your codeword is never sent to us. All encryption happens client-side. It's cryptographically impossible for us to read your data.

Is EncodeNote open source?

Yes! Our source code is available on GitHub. You can audit the encryption implementation, deploy it yourself, or verify our claims.

Can I use it offline?

Yes. EncodeNote is a Progressive Web App. Install it on your home screen and it works offline. Background sync queues changes when you reconnect.

Is it free?

Completely free. Forever. No ads, no premium tier, no hidden costs. We believe secure communication should be accessible to everyone.

📖 How EncodeNote Works