Security
Soul encrypts note contents on your device before sync (E2EE). Only your key can decrypt your notes.
Design highlights
- Local‑first: edits happen on device; sync is background and conflict‑aware.
- Keys: derived from your passphrase/session; never sent in plaintext.
- Transport: TLS 1.2+ for all network traffic.
- Storage: encrypted blobs only; no ad SDKs; minimal telemetry (opt‑in).
Cryptography
- AEAD: XChaCha20-Poly1305 or AES‑GCM
- KDF: Argon2id (memory‑hard) with salt & parameters tuned for device class
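An added example, not Soul's code or blob format: a passphrase-derived key and AEAD-sealed note as the lists above describe, showing that a wrong key, a modified blob, or a blob served under another note's id all fail to open. scrypt stands in for Argon2id so the block runs on Node's built-in crypto module without extra packages; the cost parameters, function names, note ids and the nonce || tag || ciphertext layout are assumptions.

```javascript
// Added illustration: not Soul's code or blob format.
const crypto = require('node:crypto');

// Assumed cost parameters. scrypt stands in for Argon2id (both are memory-hard).
const KDF = { N: 2 ** 15, r: 8, p: 1 };

function deriveKey(passphrase, salt) {
  // scrypt needs a little over 128*N*r bytes; raise maxmem above Node's 32 MiB default.
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32,
    { ...KDF, maxmem: 256 * KDF.N * KDF.r });
}

function sealNote(key, noteId, text) {
  // Random 96-bit nonce: must never repeat under one key. XChaCha20-Poly1305's
  // 192-bit nonce makes random generation safe for far more messages.
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  // The note id is authenticated but not encrypted, so a stored blob cannot be
  // served back under a different note's id without failing verification.
  cipher.setAAD(Buffer.from(noteId, 'utf8'));
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  // Blob layout (assumed): nonce(12) || tag(16) || ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function openNote(key, noteId, blob) {
  if (blob.length < 28) return null; // too short to hold nonce and tag
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(noteId, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()])
      .toString('utf8');
  } catch {
    return null; // wrong key, modified blob, or blob moved to another note id
  }
}

// Constructed sample input.
const salt = crypto.randomBytes(16); // stored with the account; not secret
const key = deriveKey('correct horse battery staple', salt);
const blob = sealNote(key, 'note-001', 'meet at 10');
console.log(blob.length, openNote(key, 'note-001', blob));
```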
Vulnerability disclosure
If you discover a security issue, email security@soul.nysaclan.xyz with details and a proof of concept if possible. We’ll acknowledge receipt within 3 business days and keep you updated.
Subprocessors
We use a small set of infrastructure providers (e.g., hosting, payments). See Privacy for data processing details.
PGP key & security.txt (optional): host /.well-known/security.txt and publish our PGP key fingerprint here.