Privacy — under the hood

From honest defaults to total sovereignty

For the people who want the real mechanism. Self-knowledge content is the most intimate data a person can produce, so we treat privacy as architecture, not a policy page. Here is the ladder we climb and exactly where we stand on it.

North Star

Records nobody can read but you

The magic loop needs your words in plain text for a single moment so the AI can create your insight and mirror image. So the goal is not a slogan about being 'encrypted' — it is shrinking and controlling that one plaintext moment until it belongs to no one but you.

The ceiling we are aiming at: end-to-end encryption with keys only you hold, a sovereign mode where plaintext never leaves your device, and deletion that destroys the key so every copy everywhere becomes unreadable in an instant.

Your keys, your choice

Self-custody is offered, never forced. You decide how much sovereignty — and how much recovery safety — you want.

Deletion is an encryption feature

Real, backup-proof erasure comes from destroying keys (crypto-shredding), which only exists once content is encrypted per person and per record.

Verifiable beats promised

The protocol and the client-side cryptography are meant to become open and independently auditable. Trust you can check, not trust you are asked for.

The encryption ladder

Four tiers, each a superset of the last

We climb the ladder; we do not swap rungs. Each tier defends against more, and each says what it does not yet cover.

Tier 0 (Live)

Transparency + provider hardening

No cryptography yet. Stop treating third-party processors as a leaky default: zero-retention and no-training on every provider, content-free logs, and a complete account wipe.

Protects against

Network eavesdroppers; provider retention and AI training on your content.

Still open

Content is still plaintext at rest, so an administrator could read it — or be compelled to hand it over under a subpoena.

Tier 1 (Building)

Encryption at rest

Content is stored as ciphertext under keys wrapped in a key-management service. A stolen database or backup reveals nothing.

Protects against

Stolen database dumps, leaked backups, and casual insider access. Unlocks crypto-shredding deletion.

Still open

The app server still holds the keys, so plaintext can still be produced under compulsion.

Tier 2 (Roadmap)

Client-side encryption

Your device encrypts content before it ever reaches us. The server stores only ciphertext it cannot read; AI runs only during a pass you approve.

Protects against

Everything at rest, including a fully compromised database and most insider access. The server becomes zero-knowledge.

Still open

A bounded, you-approved generation window still exposes plaintext to the model provider.

Tier 3 (Roadmap)

End-to-end + on-device

Your device does the cryptography and can call the model directly — one less traffic hop. Sovereign mode runs a local model so plaintext never leaves the device at all.

Protects against

The operator itself, lawful compulsion, and — in sovereign mode — the model provider too.

Still open

Local image generation at full quality is still maturing, so sovereign mode will start text-only.

Threat model

Who each tier defends against

A simplified view. Read across: each tier adds protection without giving any back.

Adversary | T0 | T1 | T2 | T3
Network eavesdropper (in transit)
Stolen database or backup
Curious insider browsing storage
Compromised app server
Operator compelled by subpoena
Model provider during generation
Legend: Protected; Bounded / consented; Not yet

Even inside that generation window, requests are anonymized — your name, email, and account never leave our servers. Voice is transcribed by a partner that only turns speech into text; it never fingerprints or identifies your voice.

Keys

Your keys, your custody

A fresh keypair for every message

Each reflection gets its own random 256-bit key, sealed to your public key. Sealed-box encryption mints a brand-new ephemeral keypair per message and throws the private half away — forward-secrecy-like protection, at effectively zero collision risk across a 256-bit keyspace.
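The per-record key and per-message ephemeral keypair described above, together with the key-destruction erasure from "Deletion is an encryption feature", shown as an added example that is not Aksha's code. Node's built-in crypto has no sealed box, so X25519 + HKDF-SHA256 + AES-256-GCM stands in for it here; `sealRecord`, `openRecord` and the stored row layout are hypothetical.

```javascript
// Added example, not the product's code. X25519 + HKDF-SHA256 + AES-256-GCM stands in
// for a libsodium sealed box; function names and the row layout are hypothetical.
const { randomBytes, createCipheriv, createDecipheriv, createPublicKey,
        generateKeyPairSync, diffieHellman, hkdfSync } = require('node:crypto');

const SPKI = { type: 'spki', format: 'der' };

function gcmSeal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);        // iv | tag | ciphertext
}

function gcmOpen(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);  // throws on a wrong key
}

// Wrapping key from the ECDH secret, bound to both public keys through HKDF's info.
function wrappingKey(shared, ephPub, recipientPub) {
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0),
                              Buffer.concat([ephPub, recipientPub]), 32));
}

function sealRecord(recipientPublicKey, text) {
  const recordKey = randomBytes(32);                     // random 256-bit key per record
  const eph = generateKeyPairSync('x25519');             // fresh keypair per message
  const ephPub = eph.publicKey.export(SPKI);
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const kek = wrappingKey(shared, ephPub, recipientPublicKey.export(SPKI));
  const row = { ephPub, sealedKey: gcmSeal(kek, recordKey),
                body: gcmSeal(recordKey, Buffer.from(text, 'utf8')) };
  recordKey.fill(0); kek.fill(0); shared.fill(0);        // ephemeral private key is never stored
  return row;                                            // everything the server keeps
}

// Needs the long-term private key: once it is destroyed, every stored row and every
// backup copy of it is unreadable (crypto-shredding).
function openRecord(keyPair, row) {
  const ephPublicKey = createPublicKey({ key: row.ephPub, format: 'der', type: 'spki' });
  const shared = diffieHellman({ privateKey: keyPair.privateKey, publicKey: ephPublicKey });
  const kek = wrappingKey(shared, row.ephPub, keyPair.publicKey.export(SPKI));
  return gcmOpen(gcmOpen(kek, row.sealedKey), row.body).toString('utf8');
}
```

Sealing needs only the public key, so a server can write records it cannot read back; whoever holds the long-term private key can open every record, which is why destroying that one key erases them all.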

You choose how it is held

Sovereignty is a setting, not a default we impose. Pick the balance of control and recoverability you want:

Escrow recovery

An encrypted backup you opt into. Easiest to recover — and safe unless we are legally compelled to hand it over.

Social recovery

Your key is split among people you trust. Recoverable, and far harder to compel — but not impossible, since the trustees exist.

Self-custody

You alone hold the key. Maximum sovereignty, with nothing to compel out of us — but lose it, and your data is gone for good.

We will say this plainly in the product: if you hold the only key and lose it, no one can bring your data back. That is the price of true privacy, and the choice is yours.
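The "Social recovery" option above splits a key among trustees; this added example shows one way to do that with a threshold, so that any k of n trustees can rebuild the key and fewer cannot. It is not Aksha's code: the page does not name its scheme, so Shamir's secret sharing, the field prime and the function names `splitKey` and `recoverKey` are assumptions.

```javascript
// Added example, not the product's code. Assumption: the page names no scheme, so
// Shamir's secret sharing is used here; splitKey and recoverKey are hypothetical names.
const { randomBytes } = require('node:crypto');

const P = 2n ** 521n - 1n;                     // Mersenne prime, larger than any 256-bit key
const mod = (a) => ((a % P) + P) % P;
const toBig = (buf) => BigInt('0x' + buf.toString('hex'));

function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const inverse = (a) => modPow(a, P - 2n);      // Fermat inverse, valid because P is prime

// Returns n shares {x, y}. Any k rebuild the key; fewer carry no information about it.
function splitKey(key, k, n) {
  if (key.length !== 32 || k < 2 || k > n) throw new RangeError('need a 32-byte key and 2 <= k <= n');
  const coeffs = [toBig(key)];                 // constant term is the secret
  for (let i = 1; i < k; i++) coeffs.push(mod(toBig(randomBytes(66))));
  const shares = [];
  for (let x = 1n; x <= BigInt(n); x++) {
    let y = 0n;
    for (let i = k - 1; i >= 0; i--) y = mod(y * x + coeffs[i]);   // Horner evaluation
    shares.push({ x, y });
  }
  return shares;
}

// Lagrange interpolation at x = 0 over the shares supplied by the trustees.
function recoverKey(shares) {
  if (new Set(shares.map((s) => s.x)).size !== shares.length) throw new RangeError('duplicate share');
  let secret = 0n;
  for (const { x: xi, y: yi } of shares) {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    secret = mod(secret + yi * num * inverse(den));
  }
  // With fewer than k shares this is an unrelated value, not the key.
  return Buffer.from(secret.toString(16).padStart(64, '0').slice(-64), 'hex');
}
```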

Take your keys and go

Export your private key or a full encrypted archive, move devices, or leave entirely and import elsewhere. Bring your keys, take your keys.

The ceiling

Your device as the mini-server

Device-as-mini-server

Your device holds the keys, decrypts locally, and can call the model directly — uploading only ciphertext to us. The server never sees plaintext at all, and your history is assembled on-device, so 'the mirror remembers' without us reading a thing.

Sovereign / local-only mode

A toggle for 'reveal this to no one.' Content stays encrypted under on-device keys and a local model runs inside that boundary — the AI only ever sees plaintext on your own machine. No third party, ever.

Limits: with any cloud model, there is an irreducible moment where your plaintext exists in transit while the model works.

Only on-device models or attested confidential compute close that gap completely — which is exactly what Sovereign mode is for, and the frontier we are walking toward.

The path

How we get there

Phase 1 (Shipped)

Foundation

Provider hardening, a complete account wipe, and this straightforward privacy page.

Delivers Tier 0.

Phase 2 (Next)

Encryption at rest

Envelope-encrypt the content boundary and upgrade deletion to crypto-shredding.

Delivers Tier 1.

Phase 3 (Later)

Your keys and sovereignty

Client-side encryption, portable keys, device-as-mini-server, and sovereign mode.

Delivers Tier 2 and Tier 3.

Built to be checked, not just trusted

This is the direction and current status. The plain-language docs version is one tap away.

© 2026 Aksha
