Architecture, not policy.
Mune is for the things you would usually delete. Reading those things is not a feature we have to protect. It is a thing we cannot do, because of how the product is built. The next four commitments explain what that means in practice and what it costs you.
Uncompromising, on purpose.
Zero-knowledge encryption means the only person who can read your entries is you. If you forget your passphrase and lose your recovery key, your data is gone. We cannot reset it. We cannot retrieve it. We chose this on purpose. If that is a deal-breaker, that is fine. Pick a different tool. The diagram below shows what happens when you save an entry and when you ask a reflection.
- 01 On device: You type. The words exist in memory on your laptop or phone while you edit. They never leave in plaintext.
- 02 In transit: It is encrypted before it leaves. A key derived from your passphrase encrypts the text in your browser. Only ciphertext travels over the wire.
- 03 At rest: The server stores a blob. No key, no plaintext. Reading the file yields noise. Zero-knowledge by geometry, not policy.
Encrypted on your device.
Your entries are scrambled in your browser, on your laptop or phone, before anything is sent to a server. The cipher is AES-256-GCM with a fresh 96-bit nonce per entry. The server only ever sees scrambled bytes, never the words you wrote.
We do not have a key.
Your passphrase is the key. We never see it. The server never sees it. Authentication uses Clerk, which means we know your email, but we do not tie your conversations to a name. If you forget your passphrase and lose your recovery key, your data is unreadable. To us. To you. To anyone.
Reflect chat is not stored.
Messages to the reflection model are wiped on send. No training data. No retention. No "we may use anonymized" fine print. Only the journal entries you choose to save persist on our side, in ciphertext. We do not train on your entries. We do not sell data. We do not run ads.
The crypto code is open.
The cryptography lives in a separate package called @mune/crypto. It is open source. Anyone can read it, run it, and check that what we claim matches what we ship. You do not have to take our word for any of this.
For the people who want the details.
The rest of this page is written for engineers, security researchers, and journalists. If that isn’t you, the plain-language section above is the whole story.
- Cipher: Journal entries and chat transcripts are encrypted with AES-256-GCM. Each payload has a unique 96-bit IV, and GCM’s authentication tag guards against tampering.
- Key derivation: The data-encryption key is derived from your passphrase using PBKDF2 (310,000 iterations, SHA-256, 16-byte salt). The derivation happens in-browser; the passphrase never leaves your device.
- Zero knowledge: The server sees ciphertext, IVs, and metadata necessary for sync (blob IDs, revision numbers). It does not see passphrases, keys, plaintext, or anything derived from plaintext.
- Reflection requests: Messages sent to the reflection model travel over TLS 1.3 and are not written to disk. The model provider is contractually forbidden from logging, retaining, or training on the content. Requests are proxied through a thin gateway that strips identifying headers before forwarding.
- Retention: Journal entries live until you delete them. Reflection transcripts are retained on your device only; they do not leave it a second time. Account deletion purges ciphertext within 24 hours.
- Open source: The cryptographic primitives and the client-side encryption layer are published under the mune-crypto package.
- Threat model: The model assumes a compromised server, a subpoena, and a curious operator. It does not, and cannot, protect against a compromised client (keylogger, malicious extension) or a weak passphrase. Use a strong one.
- Subpoena posture: If a government asks, the most I can produce is ciphertext and account metadata (email, timestamps). A transparency report will go up the first time I receive a request.