Thoute is zero-knowledge for the contents of your vaults: every block, page, tag, task, and attachment is encrypted in your browser before it reaches our servers, and your encryption key never leaves your device. Read on for the specifics — and a frank list of where this story isn't yet complete.
How encryption works
When you create a vault, you pick a passphrase.
Your browser derives a 256-bit key from that passphrase using PBKDF2-SHA-256 with 100,000 iterations and a random 16-byte salt — a slow, salted key derivation designed to make brute-force expensive.
That derived key encrypts every block, page, tag, and attachment using AES-GCM (256-bit) before anything is sent to the server.
The server has neither your passphrase nor your derived key, so it cannot decrypt your content. Your encrypted keystore (the passphrase-wrapped key) is stored on the server so you can sync across devices and restore from backup — without your passphrase, the wrapped key is useless.
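The derivation and encryption steps above, sketched with the browser's Web Crypto API. This is an added example, not Thoute's own code: the KDF and cipher parameters come from the text, while the 12-byte random IV, the IV-prepended record layout, the sample passphrases, and all function names are assumptions.

```javascript
// Added example: parameters come from the text above; the record layout
// (12-byte IV prepended to the ciphertext) and all names are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // global in browsers, Node 19+
const enc = new TextEncoder();
const dec = new TextDecoder();

// PBKDF2-SHA-256, 100,000 iterations, 16-byte salt -> AES-256-GCM key.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 100000 },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: page script cannot export the raw key bytes
    ['encrypt', 'decrypt']);
}

// Encrypt one block. AES-GCM needs a fresh IV per call: reusing an IV under
// the same key breaks both confidentiality and integrity.
async function encryptBlock(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  const record = new Uint8Array(iv.length + ct.length);
  record.set(iv, 0);
  record.set(ct, iv.length);
  return record; // opaque bytes: the only thing a server would receive
}

// Decrypt; rejects if the key is wrong or the record was modified.
async function decryptBlock(key, record) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: record.slice(0, 12) }, key, record.slice(12));
  return dec.decode(pt);
}

// Constructed demo: round trip, then a wrong passphrase and a flipped bit.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveKey('correct horse battery staple', salt);
  const record = await encryptBlock(key, 'buy milk #errands');
  const roundTrip = await decryptBlock(key, record);
  const wrongKey = await deriveKey('wrong passphrase', salt);
  const wrongFails = await decryptBlock(wrongKey, record).then(() => false, () => true);
  const tampered = Uint8Array.from(record);
  tampered[tampered.length - 1] ^= 1; // flip one bit of the GCM tag
  const tamperFails = await decryptBlock(key, tampered).then(() => false, () => true);
  return { roundTrip, recordLength: record.length, wrongFails, tamperFails };
}
```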
What the server CAN see
- That you have an account, your email, and your auth tokens.
- Your vault IDs and the name you gave each vault (so other devices can list and rename them). See Honest gaps below — encrypting vault names is on the roadmap.
- The shape of your vaults: how many encrypted documents exist, when they were last updated, how big the ciphertext is.
- Internal block IDs — random UUIDs that don't leak content.
- IP address and approximate connection metadata, as for any service.
- Billing information you provide, via Stripe, when applicable.
What the server CANNOT see
- The content of any bullet.
- Page titles, tag names, task statuses, due dates — all encrypted.
- References between bullets — encrypted.
- Attachments — files are encrypted client-side before upload; the server stores opaque blobs at opaque UUIDs.
- Your search queries — search runs in your browser against a local encrypted index.
Where your key lives
- In memory only. Your derived master key is held in your browser's JavaScript memory while the app is open and discarded when you close the tab.
- Auto-unlock is opt-in and trades convenience for risk. If you turn it on, your passphrase is saved to your browser's local storage (unencrypted, scoped to the current device + origin) so you don't re-type it on every reload. Anything with access to that browser profile — including malicious browser extensions or XSS — can read it. Sign out to clear it.
- The encrypted keystore lives on our servers so you can unlock the same vault on a new device. It's wrapped with your passphrase; without the passphrase it can't be unwrapped.
- The plaintext key is never on our servers, never in logs, and never in plaintext form in backups. Error reports (Sentry) scrub any field named like a passphrase, token, or key before being sent.
What you lose
If you forget your passphrase, your data is unrecoverable. This is the cost of zero-knowledge. We can't reset it. A password manager is strongly recommended.
AI features
Thoute AI is an optional assistant that runs on top of leading commercial language models. You can use it to summarize attachments, ask questions about your notes, draft new entries, and have ongoing chats against the contents of a vault.
Thoute AI is opt-in per vault. By default, no plaintext ever leaves your device.
If you opt in for a vault, the relevant content is decrypted in your browser at the moment you make a request and sent to the model provider. Anything the model returns (summaries, answers, drafts) is encrypted again before being stored in your vault.
We only route AI requests to providers whose terms commit them to not retaining your data and not using it to train future models. The specific provider may change over time as the landscape evolves; the non-retention requirement does not.
You can opt out per-vault at any time. Existing AI-generated content stays encrypted in your vault.
Backup and restore
Backups are encrypted end-to-end. A backup file contains the encrypted Yjs document state, the encrypted attachment blobs, and your encrypted keystore — no plaintext content and no plaintext key material. Restoring requires your passphrase to unwrap the keystore.
Threats this protects against
- Server compromise. An attacker who steals our database gets ciphertext.
- Insider access. Thoute employees cannot read your data, by construction.
- Subpoena / legal compulsion. We can produce ciphertext; we cannot produce plaintext.
Threats this does NOT protect against
- A compromised device. If malware is running in your browser, it can read what your browser reads.
- A weak passphrase. Use a long, random passphrase.
- You sharing your passphrase. Don't.
Honest gaps
We'd rather flag these than have you discover them.
- Vault names are plaintext on the server today. This is so other devices can list your vaults by name and so renames propagate. Vault contents are encrypted as described; only the vault label is visible. Encrypting vault names is planned.
- Auto-unlock stores your passphrase in your browser's local storage. It's unencrypted, scoped to that browser profile and origin. Convenient on a trusted device, risky on a shared one. Turn it off if your threat model includes other people having access to your browser session.
- Legacy plaintext tables exist in the database from an earlier sync design (pre-Yjs). The current web app does not write to them. They remain in the schema for older clients and are slated for removal.
If any of these matter to your use case, tell us — the priority on closing them rises with demand.
What's next
- Getting started — set up your vault with this context in mind.
- FAQ — common questions about beta access, pricing, and the business behind the product.