Can LeafLocked read my journal entries?

No. LeafLocked uses zero-knowledge encryption. Your entries are encrypted with AES-256-GCM on your device before they reach our servers. We only store ciphertext. Without your encryption key — which we never receive — it is mathematically impossible for us to read your journal.

What happens if I lose my encryption key?

If you lose your encryption key, your entries cannot be recovered — not by you, not by us. This is an intentional property of zero-knowledge encryption. Always save your key in a secure password manager or download the .key file.

Does LeafLocked require an email address?

No. LeafLocked only requires a username and password. No email address is ever collected, so there is no email-based account recovery.

Can I use LeafLocked offline?

Yes. LeafLocked has a local-only mode that stores all encrypted entries in your browser's IndexedDB. No data leaves your device in this mode. You can toggle it on in Settings.

What encryption does LeafLocked use?

LeafLocked uses AES-GCM-256 encryption via the Web Crypto API, built into all modern browsers. A unique 256-bit key and 96-bit IV are used per entry. The key is generated locally and never transmitted.

How do I export my journal?

Go to Settings > Export entries. LeafLocked decrypts all your entries client-side and downloads them as a JSON file. The server never performs decryption.

Zero-Knowledge · AES-256 Encrypted · No Email Required

Your thoughts, encrypted by you.

LeafLocked is a private journaling app where your entries are encrypted on your device before reaching our servers. We store only ciphertext — we can never read your journal.

Start your journal — it's free Sign in

No credit card. No email. No tracking.

Start writing in 2 minutes

No email verification. No onboarding flow. No credit card.

1
Create an account
Pick a username and password. No email, no phone number, no personal data collected.
2
Save your secret key
A 256-bit encryption key is generated on your device. Download it as a .key file or copy it to your password manager.
3
Write
Open today's entry and start writing. Your words are encrypted before leaving your device.

Built for privacy, not engagement

Every decision in LeafLocked was made to protect your writing, not monetise it.

End-to-end encrypted

Your entries are encrypted on your device with AES-256 before they ever reach our servers. We store only ciphertext.

You hold the key

Your encryption key is generated locally and never transmitted. We cannot read your journal even if we tried.

One entry per day

Cultivate a meaningful daily writing habit without the pressure of constant updates.

Works offline

Enable local-only mode to store everything in your browser. Zero server calls, total privacy.

No email required

Own your data

Export all entries as decrypted JSON any time. Delete your account and all data in one click.

AES-256-GCM

Zero-knowledge

No analytics

No third-party scripts

Frequently asked questions

Can LeafLocked read my journal entries?: No. Your entries are encrypted on your device with AES-256-GCM before they reach our servers. We store only ciphertext — without your key, it is mathematically impossible for us to read your journal.
What happens if I lose my encryption key?: Your entries cannot be recovered — not by you, not by us. This is an intentional property of zero-knowledge encryption. Save your key in a password manager or download the .key file during registration.
Does LeafLocked require an email address?: No. Only a username and password are required. No email is ever collected.
Can I use LeafLocked offline?: Yes. Enable local-only mode in Settings to store all encrypted entries in your browser's IndexedDB. No data leaves your device.
What encryption does LeafLocked use?: AES-GCM-256 via the Web Crypto API — built into all modern browsers. A unique 256-bit key and fresh IV per entry. The key is generated locally and never transmitted.
How do I export my journal?: Go to Settings → Export entries. LeafLocked decrypts all entries client-side and downloads a JSON file. The server never decrypts anything.

Your journal should be yours.

No ads. No AI training on your thoughts. No one reading over your shoulder.

Start journaling for free