Security at Comma
Your privacy isn't a feature. It's our foundation.
See Encryption in Action
Type something below and watch it transform into encrypted data. This is what happens to your journal entries before they ever leave your device.
This is what you see when you write in Comma
Encrypted Data
This is what gets stored on our servers
How It Works
You type your thoughts in plain text, just like a traditional journal.
Encryption happens automatically using your unique key before data leaves your device.
Encrypted data is stored on our servers. We cannot read your original text.
Only you can decrypt it back to readable text when you access your journal.
Don't worry, this is a simplified demonstration. We would never share our true encryption approach.
How We Protect Your Privacy
End-to-End Encryption
Your journal entries are encrypted on your device before they're sent to our servers. We use AES-256 encryption, the same standard used by governments and banks worldwide. Even if someone intercepted your data in transit or accessed our servers, they would only see scrambled, meaningless text.
Encryption happens on your device, not our servers
Your encryption key is derived from your passphrase and never leaves your device
We physically cannot decrypt your entries, even if legally compelled
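The flow described above (a key derived from the passphrase on the device, AES-256 encryption before upload), sketched as an added example. It is not Comma's code, and the page does not publish its actual scheme: the scrypt parameters, the GCM mode, the record layout and the function names are assumptions chosen for illustration.

```javascript
// Added illustration, not Comma's implementation.
// Assumed: scrypt as the KDF, AES-256-GCM as the cipher, base64 record fields.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key from the passphrase on the device.
// A production design would usually derive once and wrap per-entry keys.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32, {
    N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024,
  });
}

// Encrypt one journal entry; the returned object is everything that is uploaded.
function encryptEntry(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under the same key
  const key = deriveKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Neither the passphrase nor the derived key appears in the stored record.
  return {
    salt: salt.toString("base64"),
    nonce: nonce.toString("base64"),
    ciphertext: ciphertext.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Decrypt on the device; returns null if the passphrase is wrong or the record was altered.
function decryptEntry(passphrase, record) {
  const key = deriveKey(passphrase, Buffer.from(record.salt, "base64"));
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", key, Buffer.from(record.nonce, "base64"));
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  try {
    return Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, "base64")),
      decipher.final(), // throws when the authentication tag does not verify
    ]).toString("utf8");
  } catch {
    return null;
  }
}

// Constructed sample entry: this object is all a server would hold.
console.log(encryptEntry("correct horse battery staple", "Dear diary, today..."));
```

A wrong passphrase and a modified record both yield null, because the GCM tag check fails in either case.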
Zero-Knowledge Architecture
We built Comma so that we have zero knowledge of your journal content. We don't store your passphrase, we don't have backdoors, and we can't reset your password for you. While this means you need to remember your passphrase, it also means your privacy is mathematically guaranteed.
We never see your unencrypted data
No employee, admin, or third party can access your entries
Your trust in us doesn't matter—the math protects you
Secure Infrastructure
Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of security. Regular security audits, automated monitoring, and industry best practices ensure your encrypted data stays safe.
Hosted on secure, SOC 2 compliant infrastructure
Automatic encrypted backups of your data
24/7 security monitoring and threat detection
Our Privacy Commitment
We don't sell your data. We don't track your writing habits for advertising. We don't share your information with third parties. Your journal is yours, period.
No ads, no tracking, no data mining
We collect only what's necessary to provide the service
Common Security Questions
What if I forget my passphrase?
Unfortunately, we cannot recover your passphrase or reset your password. This is by design—if we could recover it, we could access your entries, which defeats the purpose of zero-knowledge encryption. We recommend storing your passphrase in a secure password manager.
Can government agencies access my journal?
No. Because we use zero-knowledge encryption, we cannot provide unencrypted data to anyone, including government agencies. All we store is encrypted data that only you can decrypt.
How is this different from other journaling apps?
Many journaling apps claim to be "secure," but they encrypt data at rest on their servers—meaning they still have the ability to decrypt and read your entries. Comma uses end-to-end encryption, so your entries are encrypted before they leave your device. We never have access to unencrypted data.