Security
A single-owner system designed so that one person — you — is the only person who can access your knowledge base.
Shipped guarantees
Single-owner authentication
Auth.js (NextAuth v5) powers a single-owner login model. Only one account can ever exist — the claim is serialized at the database layer with an advisory lock, so concurrent first-run requests cannot mint two owners.
Password storage
Passwords are hashed with bcrypt (cost factor 12) before storage. The plaintext password is never written to the database or any log.
Locked notes and folders
Individual notes and folders can be marked as locked. Locked content requires explicit re-authentication to view or edit and is excluded from AI requests, search indexing, and share links by default.
Opt-in AI
Every AI operation — summarize, tag, chat, embed — is opt-in. The application never sends note content to an external AI endpoint without an explicit user action. All interactions are logged in the AIInteraction table for full auditability.
Route-gated application surface
All authenticated routes under /app require a valid session. Unauthenticated requests are redirected to the login page with the original destination preserved for post-login return.
Secure, expiring share links
Share links are unique random tokens. They can be configured to expire and can be revoked at any time. Shared views are read-only — no mutations are possible through a share link.
On the roadmap
The following are planned but not yet shipped. They are listed here for transparency, not as current guarantees.
- ◌Passkey / WebAuthn support (roadmap)
- ◌TOTP / 2FA (roadmap)
- ◌End-to-end encrypted note mode (advanced roadmap)