DeepJournal

Sign inSign up

How DeepJournal approaches privacy and encrytion

If we want an AI that truly understands us, we must give it access to our most personal data — our thoughts, emotions, and memories. But that immediately raises the hardest question of all: How can we build this without anyone — not even developers — being able to read your data? In a world of large language models, cloud APIs, and constant synchronization, privacy by design isn't easy. Here's how we can make it possible — and what trade-offs it implies.

How DeepJournal approaches privacy and encrytion

1. Why Journaling Data Is Different

Your journal isn’t like any other app data.

It’s not transactional, social, or disposable — it’s you.

Losing control over it would be catastrophic.

That’s why end-to-end encryption (E2EE) must be the foundation.

Only the user should ever hold the keys. Even DeepJournal’s servers or developers should never be able to decrypt your words.

DeepJournal don’t use E2E for now but we are working on it.

2. The Challenge of E2EE for Structured Memory

But there’s a catch.

In DeepJournal, each new entry needs to update a structured memory — a map of your people, goals, emotions, and themes.

To do that, the system must sometimes search your past entries, find patterns, or build connections between concepts.

If all your data is encrypted on the server, that’s nearly impossible.

A server can’t:

  • Run search queries by text or embeddings
  • Link a new mention of “Laura” to older entries about the same person
  • Update your memory graph

It can only store blobs of ciphertext — completely opaque.

So the solution is to move intelligence to the user’s device.

3. Local-First Architecture: Your Data Stays With You

The answer lies in a local-first model:

all sensitive data — journal entries, structured memories, embeddings — is stored and queried locally, not in the cloud.

Technically, this can rely on:

  • IndexedDB / OPFS (Origin Private File System) for browsers
  • sql.js or SQLite for local persistence
  • Optional local caches for offline-first behaviour

The server’s role becomes purely synchronization:

it relays encrypted data between your devices using end-to-end encryption.

It never holds the keys, and it never sees plaintext.

All search queries, embeddings comparisons, and AI analyses happen locally.

When you write, the app analyses your text, updates your local structured memory, and only then synchronizes encrypted updates.

4. The Trade-off: Convenience vs. Privacy

This approach has one obvious drawback:

there’s no always-on remote worker analysing your data while you sleep.

Since everything is encrypted and local, background AI jobs can only run when your device is active.

That means your structured memory is updated when you open the app — not continuously.

But this trade-off is worth it.

Your data never leaves your control, and privacy isn’t a promise — it’s enforced by design.

5. The Hard Problem: Large Language Models

Even with local storage, we face another issue.

LLMs only understand plain text.

To use them, you must send decrypted data somewhere.

How do we ensure that nobody — not even DeepJournal — can see it?

There are three main paths forward.

Option 1: Run the Model Locally

If your device is powerful enough, you can run the LLM directly on it.

No data leaves your machine.

This is ideal, but today it’s still limited to smaller models and high-end computers.

Option 2: User-Provided API Keys

We could let users bring their own OpenAI (or Anthropic, Mistral, etc.) API key.

That way, the user, not DeepJournal, is the API client of record.

It doesn’t eliminate the trust issue — it simply moves it to the provider you choose — but it gives you control.

Option 3: Private Cloud Compute

The best long-term approach is similar to what Apple introduced with Private Cloud Compute.

In this model:

  • LLM requests are processed in a verified, isolated compute environment.
  • The system can’t store, log, or even inspect the data.
  • Each session is cryptographically attested and ephemeral.

It’s effectively end-to-end encryption for AI inference.

DeepJournal’s goal is to move toward such a system — where LLMs can help you reflect without ever exposing your words to anyone.

6. Toward a Private Intelligence

If we succeed, we’ll have something entirely new:

a system that can understand your life — deeply, contextually — without ever invading it.

A private intelligence:

a reflection partner that remembers everything you choose to share,

and forgets everything else.

The future of AI journaling won’t just be about insight.

It will be about trust.