Loxnote
Open app demo Get Loxnote — free
Security & trust

Don’t trust us. Verify us.

Loxnote’s privacy isn’t a policy you have to believe — it’s an architecture that makes the alternative impossible. Here’s exactly how it works.

See the threat model Read the audits
The security contract

What we can — and can’t — see.

This table is the whole product. Every endpoint we ship is reviewed against it.

You keep

Held only on your devices, under keys we never receive.

  • Note titles, body text and formatting
  • Tags, folders and the shape of your life
  • Attachments, images and voice notes
  • Your password (never transmitted, ever)
  • Search queries, tasks and reminders

We store

A breach of our servers yields ciphertext and counters — nothing readable.

  • opaqueEncrypted blobs, object IDs & byte sizes
  • verifierAn OPAQUE login verifier — not your password
  • wrappedKey material, encrypted under your keys
  • edgesThat A shared something with B — never what
  • hmacBlind-index tokens — never the words behind them
Threat model

What happens when things go wrong.

We design for the bad day — a breach, a subpoena, a lost laptop. Here’s the outcome of each.

Attack vector
What an attacker gets
Outcome
Our servers are breached
Ciphertext, object sizes and timing. No keys, no plaintext, no passwords.
Notes safe
A court orders us to hand over data
We can only produce ciphertext we cannot decrypt. There is no master key to compel.
Nothing to read
A “Chat Control” scanning mandate
We are technically unable to scan content — it is encrypted before it reaches us.
Cannot comply
Your device is lost or stolen
Data is encrypted at rest; revoke the device’s key remotely and it can decrypt nothing new.
Revocable
A malicious or rogue insider at Loxnote
Same as an external breach — staff see ciphertext. Admin actions are in the audit log.
No access
You forget your password and lose your kit
Your notes are unrecoverable — even by us. That’s the cost of a true no-backdoor design.
By design
Under the hood

Cryptography you can read for yourself.

Modern, audited, crypto-agile — with reproducible builds and a public bug bounty.

A versioned envelope

Every object carries its algorithm IDs, so we can rotate ciphers and migrate to post-quantum without re-encrypting your life.

version ∥ alg_ids ∥ nonce ∥ AEAD(ciphertext, AAD)

Keys derived from you

Argon2id stretches your password to a master key that never leaves the device. The server holds no master key, and no backdoor.

argon2id → MUK → wraps ASK → per-note keys

Verifiable, not just promised

Published external audit before GA, an ongoing bug bounty, CRA-compliant disclosure and a periodic transparency report.

audit: sha256·9f2c…d10a · verified ✓
XChaCha20-Poly1305 Argon2id X25519 + HKDF Ed25519 OPAQUE aPAKE hybrid ML-KEM-768

A detection order to scan your notes is something we are technically unable to satisfy — because we cannot read content in the first place.

// our standing posture on EU “Chat Control” / CSAR
Open & audited

Open source is the only honest proof.

You don’t have to take our word for any of this. Our clients are open-source, our builds are reproducible, and independent auditors check our cryptography before every major release.

  • Open-source desktop, mobile & web clients
  • Reproducible builds — verify the binary matches the code
  • External cryptography audit published before GA
  • Public bug bounty with a clear safe-harbour
  • Quarterly transparency report on requests received

Verify the latest release

Each release ships with a signed checksum and an audit attestation you can check yourself.

client v3.2.0 · ed25519-sig ✓
reproducible-build: match ✓
audit-2026-Q1: sha256·9f2c…d10a ✓
View security disclosures
Compliance & sovereignty

European by construction.

EU company, EU servers, EU sub-processors. No Schrems II asterisks, no transfer-risk footnotes.

GDPR

Art. 32 by design · DPA on request

EU CRA

Cyber-Resilience disclosure ready

EU residency

Frankfurt + Helsinki only

SOC 2 (Team)

Type II in progress · evidence pack

Security you can hold us to

Read the threat model. Then trust the math.

Start free, or talk to us about a DPA, audit pack and EU data-residency guarantees for your organisation.

Get Loxnote — free Enterprise & DPA →