Security & Privacy
Every claim on this page references the specific mechanism that implements it, so it can be checked against how Tareea actually behaves, not just what we say about it.
What's encrypted
- Note title & body
- Note search index
- Note & task tags
- Task title & description
- Folio name & description
- Tag names
- Day Pins
- Sub-note relationships
- Handoff payloads
- Your AI provider keys
What's not encrypted (metadata)
- Row IDs, timestamps
- Workspace ownership
- Task status & priority
- Due date & time
- Folio membership, position
- Pin state
- Encryption version
- Account email (via Supabase Auth)
How encryption works
Standard, well-reviewed primitives — no proprietary cipher, no invented scheme.
| Component | Implementation |
|---|---|
| Content cipher | AES-256-GCM via the browser's native Web Crypto API. Older rows on XChaCha20-Poly1305 (libsodium) are transparently re-sealed on next edit. |
| Master key | 256-bit, generated client-side from a CSPRNG. |
| Password → key | Argon2id, opslimit=3, memlimit=64 MiB, locked parameters, ~500ms on a mid-range 2026 phone. |
| Recovery key → key | BLAKE2b-256 over 200 bits of random entropy. |
| Nonces | 12 bytes (GCM) / 24 bytes (XChaCha), fresh-random per call, never reused. |
| Version binding | Every blob is bound to a versioned associated-data string. A v1 blob can't be silently opened as v2 — mismatches fail verification, not decrypt into garbage. |
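The version binding in the last row, as an added example (not Tareea's code): AES-256-GCM through Web Crypto with a versioned associated-data string. The AAD layout `blob:v<N>`, the helper names and the sample note are assumptions made for illustration.

```javascript
// Web Crypto: global in browsers and recent Node; older Node exposes it via node:crypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Hypothetical AAD layout (assumption): ties each blob to a scheme version.
const aadFor = (version) => enc.encode(`blob:v${version}`);

async function newKey() {
  return wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Seal plaintext under the given version; ct carries the 16-byte GCM tag at its end.
async function seal(key, version, plaintext) {
  const nonce = wc.getRandomValues(new Uint8Array(12)); // fresh random nonce per call
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv: nonce, additionalData: aadFor(version) },
    key, enc.encode(plaintext));
  return { version, nonce, ct: new Uint8Array(ct) };
}

// Open a blob as the version the caller claims; rejects if the tag does not verify.
async function unseal(key, claimedVersion, blob) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.nonce, additionalData: aadFor(claimedVersion) },
    key, blob.ct);
  return dec.decode(pt);
}

// Runs three open attempts on one constructed blob and reports each outcome.
async function demo() {
  const sample = 'constructed sample note';
  const key = await newKey();
  const blob = await seal(key, 1, sample);
  const attempt = (v, b) => unseal(key, v, b).catch(() => 'rejected');
  const flipped = { ...blob, ct: blob.ct.slice() };
  flipped.ct[0] ^= 1; // a single flipped ciphertext bit
  return {
    asV1: await attempt(1, blob),        // correct version: plaintext comes back
    asV2: await attempt(2, blob),        // wrong version: tag check fails
    tampered: await attempt(1, flipped), // modified ciphertext: tag check fails
    nonceLen: blob.nonce.length,
    tagOverhead: blob.ct.length - enc.encode(sample).length,
  };
}

demo().then((r) => console.log(r));
```

The wrong-version attempt fails at tag verification, so no bytes are released to the caller at all.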
End-to-end encrypted is the term we stand behind. "Zero-knowledge" gets used loosely across the industry, and we'd rather be precise than impressive. The metadata table above is real and visible. Content is E2E. Metadata is minimized, not eliminated.
Keys and recovery
- Generated in your browser, at signup. A fresh master key, salt, and recovery key are created locally. The master key is wrapped under both your password and your recovery key — only the wrapped copies are ever sent to us.
- Master key: lives on your device only, in-memory during your session and in IndexedDB between visits. We hold only wrapped copies, useless without your password or recovery key.
- Password: hashed by Supabase Auth. We never see it in plaintext.
- Recovery key: shown once, at signup. Never transmitted again, never regenerable from our side.
The recovery key is a 40-character string, 200 bits of entropy, shown exactly once:
tareea-AAAAA-BBBBB-CCCCC-DDDDD-EEEEE-FFFFF-GGGGG-HHHHH
It's not a hint. It's the second key that unwraps your master key if your password is ever lost.
If you lose both your password and your recovery key, your data is permanently unrecoverable. There's no back door and no exception we can make — that's the actual trade for encryption that's real rather than promised. Print the recovery key. Keep it somewhere your account password doesn't also protect.
Two-factor authentication
Optional, and separate from your encryption keys entirely. Turn on TOTP-based 2FA in Settings — any standard authenticator app works — and generate one-time backup codes at enrollment for the case where you lose your authenticator device. 2FA protects account access, not content directly: content is already protected by encryption that doesn't depend on your login session. Even a compromised login can't decrypt your notes without your password or recovery key.
What the server can see
A support engineer, a legal request, and a compromised internal account all hit the same wall: the ciphertext exists, the key doesn't. There's nothing to hand over, because there's nothing here that can read it.
Connected Mode
Opt-in, Pro-only, per workspace. Turn it on, and three plaintext mirror fields appear: title_plain, tags_plain, name_plain, so server-side features like calendar feeds and email digests can say "you have a task called X" without holding your key. Bodies and descriptions stay encrypted either way. Turn it back off, and new writes stop mirroring; existing mirrors clear the next time that item is edited.
BYOAI
Your AI requests never pass through Tareea's servers — not stored, not logged, not even seen in transit.
- There's no AI endpoint in the codebase to route through, even if we wanted to.
- The Anthropic adapter sets anthropic-dangerous-direct-browser-access: true, a header the provider requires as explicit acknowledgement that the call is browser-to-provider, no proxy in between.
- In Private mode, AI isn't available at all. Every AI call site early-returns before anything happens.
Because we're never in the request path, there's nothing on our side to log. Your relationship for those calls is with the provider you chose, on the terms they publish.
Data handling
| What | Where |
|---|---|
| App servers | Paris (Vercel) |
| Database & auth | London (Supabase) |
| Encrypted backups | EU jurisdiction (Cloudflare R2) |
| Email delivery | US (Resend) |
Deletion and exports
Deleting your account
- Your password is re-verified server-side before anything happens.
- Every table tied to your account — notes, tasks, Folios, tags, Handoffs, everything — cascades and drops in the same transaction.
- An audit-log entry retains your user ID for compliance, never your content.
- A confirmation email is sent to the address on file.
Deletion is immediate — no 30-day grace period, unlike the soft-delete on individual notes or tasks. Encrypted nightly backups roll off within 30 days, and were never readable without a key that's already gone.
Exporting your data
Settings → Privacy & data exports everything you own: notes, tasks, Folios, tags, Day Pins, note versions — decrypted in your browser, packaged as Markdown plus a JSON manifest. No server involvement in the decrypt path; it works offline as long as your key is loaded.
Compliance and trust
GDPR
We built Tareea's architecture around the rights GDPR protects — not as a compliance project bolted on afterward. Here's what that means in practice:
- Your note and task content is end-to-end encrypted. We can't read it, so there's nothing to collect from it, even if we wanted to.
- We do see structural metadata — timestamps, task status, your account email — because the app can't function without it. It's listed in full earlier on this page.
- You can export everything you own, decrypted, in a portable format, any time, from Settings → Privacy & data.
- Deleting your account deletes your data immediately. No 30-day wait, no lingering copy.
- Our sub-processors are Supabase, Vercel, Cloudflare, and Resend — all EU-hosted or EU-compliant for the data they touch.
None of this makes Tareea "GDPR certified" — that isn't a real certification GDPR itself issues. The rights it's built to protect are implemented as working features, not promises pending a compliance project.
Responsible disclosure
security@tareea.com. Acknowledgement within 72 hours, credit if you want it, coordinated disclosure on your timeline.
When things go wrong
If Tareea shuts down
Your export stays available with at least 30 days' notice before any shutdown — see Deletion and exports above.
If our servers go down
Notes and tasks you've already opened stay readable and editable offline. New writes queue locally and sync once you're back. What doesn't work offline: syncing from other devices, sharing, or triggering digests. Nothing becomes newly readable during an outage — the offline layer only holds what was already decrypted in memory before the connection dropped.
What we won't overclaim
- Metadata is minimized, not eliminated. If your threat model requires that even the existence of a "therapy"-tagged note stay invisible to any operator, know that Connected Mode mirrors tag names in plaintext. Private mode does not. Choose deliberately.
- Your key is only as safe as your device. A compromised browser can, in principle, exfiltrate a key from memory. Our defense is a strict content-security policy — no inline scripts, no eval, no unapproved hosts — but XSS is a class of bug, not a solved one. Log out on devices you don't fully trust.
- The recovery key is genuinely irreplaceable. Print it. Store it somewhere your account password doesn't also unlock.
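One way to check the content-security-policy claim above against a response header, as an added example (not Tareea's code or its actual policy). The function names, the two sample policies and the approved-host list are constructed for illustration.

```javascript
// Parse a Content-Security-Policy header value into directive -> source list.
// Directive names are case-insensitive and the first occurrence of a name wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    if (name && !policy.has(name)) policy.set(name, values);
  }
  return policy;
}

// Report where a policy permits inline scripts, eval, or hosts outside approvedHosts.
function auditCsp(header, approvedHosts = []) {
  const policy = parseCsp(header);
  const findings = [];
  const script = policy.get('script-src') ?? policy.get('default-src');
  if (!script) {
    findings.push('no script-src or default-src: script loading is unrestricted');
  } else {
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    const hasNonceOrHash = script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    if (script.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push('inline scripts allowed');
    if (script.includes("'unsafe-eval'")) findings.push('eval allowed');
  }
  for (const [name, sources] of policy) {
    if (!name.endsWith('-src')) continue;
    for (const src of sources) {
      if (src.startsWith("'")) continue; // keyword, nonce or hash source
      const host = src.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split(/[/:]/)[0];
      const isHost = src !== '*' && !/^[a-z][a-z0-9+.-]*:$/.test(src); // not "*" or "https:"
      if (!isHost || !approvedHosts.includes(host)) {
        findings.push(`${name}: unapproved source ${src}`);
      }
    }
  }
  return findings;
}

// Constructed sample policies; api.provider.example is a placeholder host.
const APPROVED = ['api.provider.example'];
const STRICT = "default-src 'none'; script-src 'self'; connect-src 'self' https://api.provider.example";
const WEAK = "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.untrusted.example; connect-src *";

console.log(auditCsp(STRICT, APPROVED)); // no findings
console.log(auditCsp(WEAK, APPROVED));   // four findings
```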
This page covers what we think a careful reader would actually want to know — but we're aware we might have missed your specific question. We'll answer honestly — whether that means pointing you to something already true, or telling you plainly that it isn't built yet. Gio and Pat read every one.
Contact us →