How TextSafe protects your data through client-side encryption and zero-knowledge design.
TextSafe operates on a zero-knowledge principle: we cannot read your data. This is not a policy choice-it is a technical constraint built into the architecture.
All encryption and decryption happens in your browser using the Web Crypto API. Plaintext never leaves your device.
Your passcode and color are never transmitted. We receive only a derived storage ID (hash) and encrypted ciphertext.
The server stores encrypted blobs. Without your credentials, the data is computationally indistinguishable from random noise.
Algorithm: AES-256-GCM (Galois/Counter Mode)
Key Derivation: Argon2id (memory-hard, GPU-resistant)
Memory Cost: 64 MB (resists GPU/ASIC attacks)
Time Cost: 3 iterations
IV: 12 bytes, cryptographically random per encryption
Storage ID: SHA-256 hash of derived key bytes
To prevent brute-force attacks on the color selection:
Limitations: TextSafe protects content confidentiality. It does not provide anonymity against network-level surveillance. For high-threat environments, combine with Tor or a VPN.