slowbloom

Data and privacy

slowbloom is end-to-end encrypted, also called zero-knowledge. Your entries are encrypted right in your browser with a key derived from your password, and the server only ever stores scrambled text it cannot read. This page is an honest, specific account of what that protects and what it doesn't.

What is encrypted

The following is locked so that only you can read it. The server stores it as ciphertext and has no way to decrypt it:

  • Your entry's body and title
  • Your tags
  • Your trackers
  • Images you upload, which are encrypted in your browser before they ever leave your device

What is not encrypted

To make the app work, a small amount of metadata is stored in a form the server can see. We'd rather be clear about this than imply more than is true:

  • The entry's mood colour
  • Timestamps — when an entry was created, last updated, and the date it belongs to
  • Your email address
  • Your plan (Free or Bloom)
  • If you opt into friends: your chosen username and social activity such as your weekly streak

So the server knows that you wrote something on a given day and the colour of the mood you picked, but never the words, titles, tags, trackers, or pictures themselves.

Friends are entirely optional and off until you turn them on. Even then, a friend can see that you wrote and your weekly streak — never what you wrote.

Your encryption key

Your key is derived from your password and never sent to the server. This is why we can't read your journal, and also why we can't reset your password for you. If you forget it, your recovery code is the only way back in.

Because the key lives with you, your privacy doesn't depend on trusting our servers. Even if someone gained access to the database, your writing would stay unreadable.

How the AI is used

The AI companion, part of the Bloom plan, is off by default and turned on per feature. Nothing is sent automatically. Only the specific text you choose is shared, and only at the moment you invoke an action like asking for a reflection, a prompt, or a summary. If you never use an AI feature, none of your writing is ever sent for it.

When you do use it, AI runs on Mistral, an EU provider: the text is processed within the EU and is never used to train AI models.

Exporting your writing

You can export your flower as an image, a visual keepsake of your journaling over time. See the Account page for more on keeping copies before deleting your account.

Learn more

For the full legal details, read our Privacy policy and Terms.

Last updated May 2026