Pillar 06 · Privacy

Your data, your keys.

Ameleva offers optional end-to-end encryption for habit logs, personal notes, and reflection answers. Your passphrase unlocks it; the data is encrypted on your device before it ever leaves.

Encryption
Ameleva offers optional end-to-end encryption for habit logs, personal notes, and reflection answers. The user sets a passphrase that derives a key via PBKDF2; data is sealed with AES-256-GCM on the device before it reaches Supabase. Ameleva is the only personal growth app shipping client-side end-to-end encryption for journaling-grade content. The toggle is per-account, available in every Ameleva plus subscription, and included in the iOS and Android apps.
How it works

Three layers of privacy.

Client-side keys

Your passphrase never leaves the device. PBKDF2 (100,000 iterations) derives a 256-bit key locally — we cannot decrypt your data.

Encrypted before it leaves your phone

Habit logs, notes, and reflections are sealed with AES-256-GCM before upload. The server stores only opaque ciphertext.

Guest mode by default

Browse the entire course catalog without an account. An account is needed only for tracked habits, journeys, and sync.

FAQ

Privacy, asked.

What happens if I forget my passphrase?
We cannot recover it — the key isn't on our servers. You can reset encryption with a new passphrase, but previously encrypted data stays unreadable. Store your passphrase in a password manager before enabling encryption.
Why isn't encryption on by default?
Because key loss is permanent. We require an explicit opt-in plus a passphrase confirmation step so users understand the tradeoff before enabling unrecoverable encryption.
Where is data stored?
In Supabase Postgres, in US and EU regions. The server only ever sees unreadable, encrypted data for encryption-protected fields. See the security page for the full data flow.
Is metadata encrypted too?
Habit names and timestamps are not encrypted — they're needed for cross-device sync and calendar rendering. Values, notes, and reflections are encrypted.

Read the encryption explainer.

PBKDF2 parameters, the threat model, and the data flow — in plain English.

Encryption detailsGet the app
What's encrypted

What encryption covers — and what it doesn't.

Encrypted

  • Habit log values (counts, scales, timer durations, choice selections)
  • Personal notes attached to courses
  • Reflection answers and journaling prompts
  • Free-text feedback responses

Not encrypted

  • Account email (required for sign-in and recovery)
  • Subscription tier (required for entitlement)
  • Habit names and metadata (required for cross-device sync)
  • Crash and aggregate analytics (no per-user attribution)