Skip to main content
Moments logo Journal Jar

End-to-End Encryption in Journal Jar

Your private moments should stay private. That's why every new collection you create in Journal Jar is end-to-end encrypted by default — your entries are scrambled on your iPhone before they're uploaded, and only you (and the people you share a collection with) can unscramble them.

This page explains how it works, what is protected, and what you should do to make sure you never lose access to your encrypted memories.

What end-to-end encryption means

End-to-end encryption (E2EE) means your data is encrypted on your device before it leaves it and stays encrypted until it reaches another device that is allowed to read it. The servers in between only ever see scrambled data.

In practical terms, this means:

  • We, the developers, cannot read your encrypted entries, titles, or photos.
  • Anyone who somehow obtained a copy of the data on our servers would only see ciphertext.
  • Only your devices — and the devices of people you've shared a collection with — hold the keys needed to decrypt the content.

What is encrypted

When a collection is end-to-end encrypted, the following content is encrypted on your device before being uploaded:

  • The text and title of every moment in the collection
  • The name of the collection itself
  • All photos attached to those moments

Some metadata stays unencrypted so the app can keep working: the mood, the significance rating, and the date of an entry. This lets features like the Remember tab continue to function — and gives you statistics about your moments — without compromising the privacy of your actual content.

How keys work

Encryption relies on keys. In Journal Jar, there are two kinds:

  • A personal key pair (a public and a private key) that belongs to you. Your public key is shared with our servers so others can wrap collection keys for you. Your private key never leaves your devices.
  • A collection key for each end-to-end encrypted collection. This is the actual key that encrypts and decrypts the content in that collection.

When you create an end-to-end encrypted collection, Journal Jar generates a fresh collection key on your device. That key is then wrapped with your personal public key and stored on our servers — wrapped, never plain. Only your private key can unwrap it.

When you invite someone to a shared encrypted collection and they request to join, the collection key is wrapped with that person's public key the moment you approve them — so only they can unwrap it on their device. Each member of the collection has their own wrapped copy of the same collection key.

Why iCloud Keychain matters

Your private key — the one that decrypts everything — is stored in the iOS Keychain on your iPhone. The Keychain is Apple's secure storage for sensitive data like passwords and cryptographic keys.

If you enable iCloud Keychain sync in your iPhone settings, the Keychain is synchronized across your Apple devices through Apple's secure end-to-end encrypted sync service. That means your private key follows you to your iPad, your new iPhone after an upgrade, or any other Apple device signed in to the same Apple Account.

This is critical, because we never have a copy of your private key. If the key is only on a single device and that device is lost, replaced, reset, or wiped without iCloud Keychain sync turned on, the key disappears with it — and the encrypted content can no longer be decrypted. Not by you, not by us.

Our recommendation

To keep your encrypted moments safe and accessible across devices:

  • Turn on iCloud Keychain sync on your iPhone. You can find it under Settings → [Your Name] → iCloud → Passwords and Keychain. This makes sure your private key is securely backed up and synchronized to all your Apple devices.
  • Keep iCloud Keychain sync enabled as long as you use end-to-end encrypted collections.
  • Stay signed in to the same Apple Account on the devices where you want to read your encrypted collections.

If you would rather not rely on iCloud Keychain, you can choose to disable end-to-end encryption for individual collections when you create them. Unencrypted collections do not depend on the key being available, so they can always be recovered after a device change. The trade-off is that the content of those collections is not protected by end-to-end encryption — it is still encrypted in transit, but we and our infrastructure could technically access it.

Because of how the keys work, you cannot switch a collection between encrypted and unencrypted later. The choice is made when the collection is created.

What happens if I lose my private key?

If your private key is gone and you have no other device with a synced copy of the Keychain, the encrypted content in your collections cannot be recovered. We do not have a backup of your key and cannot decrypt your data on your behalf — that is the whole point of end-to-end encryption.

The good news: with iCloud Keychain sync enabled, this is very unlikely to happen. Apple manages the secure synchronization of the Keychain, and as long as you stay signed in to your Apple Account, your key will be available on every device you set up.

A note on shared collections

In a shared end-to-end encrypted collection, every member needs their own private key on their device to decrypt the content. The same recommendation applies to them: iCloud Keychain sync should be enabled. If a member loses access to their key, they lose access to the collection — but the collection itself remains intact for the other members, who can keep using it normally.

If you have any questions about encryption in Journal Jar, feel free to reach out to us.