KindMind Journey is zero-knowledge. Everything you write is encrypted on your device before it ever reaches our servers.
On your device, your password is run through PBKDF2-SHA256 with 600,000 iterations and a random salt. The result is a key that never leaves your browser. We never see your password, and we never see this key.
Everything you write is encrypted on your device with AES-256-GCM, using a fresh random IV every single time you save. Only the sealed ciphertext is sent to our servers.
Your content is encrypted with a master key, and that master key is itself wrapped (AES-KW) by your password-derived key. We store only the wrapped version. Unwrapping it requires your password, which only you have.
Your recovery key IS your master key, exported for you to write down when you sign up. If you lose your password, the recovery key restores access. If you lose both, nobody can unlock your words. Not even us. That's the deal, and it's the point.
Conversations with your guide are decrypted on your device and relayed through a stateless edge proxy, which runs an automated safety check before the message reaches the AI. Plaintext never touches our application servers and is never stored. If the check flags a concern, a category-level record comes to us, never your words. If it flags a serious concern, the proxy also skips the AI reply and sends back a fixed supportive message with crisis resources instead. What comes back is sealed again on your device before it is saved.
The same promise holds in every app we make. No sibling ever ships with weaker privacy than the journal.
We love talking about it. Really!
hello@kindmind.com