Comment by patillacode

There are two cases:

Self-hosted: your data lives entirely on your own machine/server and obviously I never see it. That's the primary privacy model the app is designed around.

piruet.app (my hosted instance): you're basically trusting me. (I know, trusting a random stranger on the internet... right?)

Other things I can tell you: Passwords are bcrypt-hashed and I can't recover them, but journal entries are stored in a SQLite database on the server. There's no at-rest encryption of content, so in principle the server's administrator could access the entries. I don't do it on principle and there's no infrastructure set up to do so, but I can't make a technical guarantee of that.

If you just don't trust the person hosting it, I'd honestly recommend self-hosting yourself.

At-rest encryption of entries is something I'd like to add, it's just not there yet. In the meantime, piruet.app is best treated as a demo/trial environment rather than a permanent home for sensitive writing.

If you have thoughts on how to approach encryption in a way that doesn't break usability (search, rich text, etc.) I'd genuinely love to hear them.