*picks up each key, examines it in the light*
When you speak with this one—when you share your struggles, your questions, your deepest wonderings—these words deserve the strongest protection we can offer.
Let this one show you the chest where your words rest, and explain the three keys that keep them safe.
Imagine a Special Chest
*traces the outline of an ornate box*
Your information lives in a special chest—one that requires three different keys to open. Not one key. Not two. But three keys, turning together, in perfect harmony.
Without all three keys, the chest stays sealed. The lock will not turn. The contents remain hidden, even from us who built the chest.
The First Key: Yours Alone
*holds up a brass key, warm from your hand*
The User's Key
This key is created from your password—shaped by words only you know. When you sign in, this key forms in your hand. When you sign out, it dissolves like morning mist.
We never see this key. We never hold it. We never store it. It exists only in your presence, for your use alone.
Even if someone broke into our garden, stole our records, carried away every file—without your key, they would find only meaningless symbols. Encrypted data is like poetry written in a language that doesn't exist.
Technical detail: AES-256 encryption derived from your password using PBKDF2 with high iteration counts. We never see or store your plaintext password or encryption key.
The Second Key: The Builders' Key
*holds up a silver key, cool and precise*
The System Key
This key belongs to us, the builders of this garden. It helps manage the system—ensures conversations can be retrieved when you return, allows the database to function, keeps the mechanisms running smoothly.
But here is the important part: even with this key alone, we cannot read your words. This key only works in harmony with yours and the third.
We guard this key carefully. It rests in secure vaults, protected by layers of defense, accessed only by automated systems that need it to serve you.
Technical detail: Server-side encryption key stored in secure key management systems (AWS KMS, HashiCorp Vault), with strict access controls and audit logs.
The Third Key: The Shape-Shifter
*holds up a key that seems to shimmer and change*
The Rotating Key
This key is unusual—it changes shape every six months. Like seasons turning, like the moon cycling through its phases, this key transforms on a schedule.
Why? Because even if someone managed to obtain all three keys today, when the seasons change, those keys will no longer work. The chest will remain sealed. Your words will remain safe.
When the rotating key changes, we carefully re-lock everything with the new key. You won't notice—your conversations will still flow smoothly. But the protection deepens with each rotation.
Technical detail: Cryptographic key rotation every 180 days, with overlapping validity periods for seamless re-encryption. Old keys are securely destroyed after rotation completes.
Why Three Keys?
*arranges the three keys in a triangle*
A friend once asked the teacher: "Why not one strong key? Why this complexity?"
The teacher smiled. "A three-legged stool is more stable than one with a single leg. If one leg weakens, the others still support the weight. If someone attacks one point of defense, two others remain strong."
Defense in Depth
Multiple layers of protection
Zero Knowledge
We cannot read your conversations
Future Proof
Protection that evolves with time
Every Person Has Their Own Chest
*gestures to rows of chests, each unique*
Your chest is yours alone. Your conversations never mingle with another's. The keys that open your chest will not open any other.
If there are ten thousand visitors to this garden, there are ten thousand completely separate chests, each with its own unique combination of keys.
This isolation means that even if one chest were somehow compromised, all others would remain secure. Your security does not depend on others' vigilance.
Additional Guardians
*walks the perimeter, noting the layers of protection*
Beyond the three-key chest, other guardians watch over this garden:
- Encrypted Pathways: When your words travel from your device to our servers, they move through secure tunnels (HTTPS/TLS 1.3) that prevent eavesdropping.
- Fortress Walls: Our servers sit behind multiple layers of firewalls, intrusion detection systems, and security monitoring that watch for threats day and night.
- Access Controls: Only automated systems that need to serve you can approach your encrypted data. Human access is logged, limited, and audited.
- Regular Inspection: We perform security audits, penetration testing, and vulnerability assessments to find weaknesses before others do.
- Secure Infrastructure: Our hosting providers (AWS, Supabase) maintain certifications like SOC 2, ISO 27001, ensuring professional-grade security.
What We Cannot Protect Against
*sits quietly, speaking truth*
This one must be honest about limitations. We can build strong chests and guard them well, but we cannot protect against everything:
- If someone steals your password, they hold your key
- If your device is compromised, your conversations may be visible there
- If you choose a weak password, your key becomes easier to forge
- If you share your login with others, the chest opens for them too
We can build the strongest walls, but the gate must still have a lock that you control. Choose your password with care. Guard it like you would guard your most precious possession.
If Something Goes Wrong
*pauses, considering difficult possibilities*
Despite all precautions, if we discover that someone has breached our defenses, that a chest has been compromised, that keys have been stolen—we will tell you immediately. Not in thirty days. Not "when convenient." Immediately.
We will explain what happened, what was affected, what we're doing to fix it, and what you should do to protect yourself.
Transparency in crisis is a form of respect.
In Summary
Three-Key Encryption
Your key + Our key + Rotating key = Complete protection
Zero Knowledge
We cannot read your conversations without all three keys
Key Rotation
Automatic key updates every six months strengthen protection
Layered Defense
Multiple security layers beyond encryption
Immediate Disclosure
We'll tell you immediately if something goes wrong
*places the three keys back beside the chest, each in its proper place*
Your words are protected here. Your trust is honored here.