We cannot read your notes. Not “we choose not to” — literally cannot.

• Note titles, bodies, plain-text indexes, and tags
• Task titles, descriptions, tags, and origin-note labels
• Task recurrence settings (interval + anchor day) — the server can’t tell which tasks repeat, how often, or on what day
• Folio names, descriptions, and section names
• Subtask titles
• Template names and bodies
• Link URLs and user-chosen labels
• Note history (every version snapshot, independently encrypted)
• Task handoff contents (encrypted under a one-time key that rides in the share URL’s fragment, never hitting our server)
• Published note links — the snapshot a recipient receives when you “Publish as link” is encrypted under a fresh content key that lives in the URL fragment. Our server stores only the ciphertext, the recipient’s email address, and a bcrypt-hashed 6-digit access code that expires after first use or 15 minutes

This isn’t obfuscation, a promise, or a policy — it’s an architectural property of the system. We ship the code that makes it so; the details are in the public repository.

When you sign up, your browser generates a random 256-bit Master Key (MK). That MK is wrapped under two things we store in encrypted form: your password-derived key (Argon2id, strong parameters) and a 200-bit Recovery Key you see once at signup. We store the wrapped blobs; we never store the MK itself or anything that would unwrap it.

Every piece of user content is encrypted under the MK with XChaCha20-Poly1305 (authenticated encryption). On your next login your password unwraps the MK back into your browser; the server hands out ciphertext and your browser decrypts it before anything renders on screen.

Some data is metadata the server genuinely needs to make the app work. We try to keep this list as short as possible.

• Your email address and the salted password hash Supabase stores, so you can sign in
• Row identifiers, timestamps, and foreign keys — so sorting, filtering, and “most recent” work server-side
• Non-content task fields: status, priority, due date + time, folio membership, handoff state
• Folio color-dot choice (a palette slot, not a name)
• Workspace plan tier (free / pro), billing records, and total item counts used for Pro limits
• In-app activity events — a task was completed, a note was opened, a folio was visited. These are entity IDs and timestamps only, no content — used to power features like most-used-folio ranking and completion-momentum hints. Retained 90 days, never shared with a third party.
• Server logs, capped at what’s needed for debugging — no request bodies, no query results

We do not have access to your note bodies. We cannot recover them for you if you lose both your password and your recovery key. That’s the trade-off; it’s the same one Signal, 1Password, and Proton make.

What can’t happen:a Tareea employee reading your notes, a court order producing your notes, a breach of our database leaking your notes in readable form, our AI features analysing your notes. None of those are possible because the keys aren’t here.

What can still happen:if you lose both your password and your recovery key, your notes become permanently unreadable — we can’t help you. If your device is compromised while you’re signed in, the attacker can see what you see; E2E doesn’t protect you from a keylogger on your own machine. If you share a handoff link with someone, that person gets the decryption key via the URL’s fragment and can read that one task.

We nudge you periodically to re-verify your recovery key in Settings → Security — the one-minute check now prevents the painful can’t-recover scenario later.

• Supabase (EU region) stores our database and handles your auth session. They see ciphertext and metadata, same as we do.
• Vercel hosts the web app. HTTPS terminates there. Decryption happens in your browser after the bytes leave Vercel.
• Cloudflare fronts the public Have I Been Pwned password-breach API we use on signup. We send the first 5 hex characters of your password’s SHA-1 hash (k-anonymity); the full password never leaves your browser.
• Resend sends our transactional emails (signup confirmation, password-reset). Those emails contain routing tokens, not your content.
• Vercel Analytics and Speed Insights collect anonymised pageview + performance numbers. No user content, no personally identifying data.

We don’t sell data to advertisers. We don’t embed third-party trackers. We don’t run server-side analytics on the contents of your notes — we literally can’t.

• Exportany note as Markdown, PDF, or DOCX at any time — your data is yours.
• Export your calendaras an .ics file from Settings → Calendar. The file is built entirely in your browser from decrypted tasks — it contains no links back to Tareea, so importing it into Google / Apple / Outlook doesn’t leak your task identifiers to your calendar provider.
• Delete any note, task, folio, or your whole account. Deletions propagate within 30 days (soft-delete window for accidental undo).
• Change your password any time without re-encrypting anything (we re-wrap the Master Key, not your content).
• Rotate your recovery keyany time from Settings → Security — whether you’ve lost it, suspect someone saw it, or just want to cycle keys on a schedule. Rotation generates a fresh key in your browser and invalidates the old one. Your password stays the same.
• Enable two-factor auth in Settings for an additional layer on sign-in.

Questions, concerns, or a responsible security disclosure? [email protected]. For a security issue, please include reproduction steps and a reasonable disclosure window — we’ll respond within 72 hours.