How Client-Side Encryption Works

Short answer

Client-side encryption means your device encrypts the note before it is sent to the server.

Step by step

1. You write a note or change a mind map.
2. Your device uses encryption keys locally.
3. The readable content is turned into ciphertext on your device.
4. The server receives encrypted data, not the plain text version.
5. When you open the note later, your device decrypts it locally again.

Why this matters

If encryption happens before upload, the provider does not need a normal path to your readable notes for storage.

What still matters

Client-side encryption is not only about the algorithm. It also depends on:

• where keys come from
• whether the company can access those keys
• whether some content is still handled in plain text for previews, indexing, or support tools

Common confusion

Some products encrypt data during network transfer or while it sits on the server, but still decrypt it on the backend when needed. That is not the same thing as a system where the server never needs the readable note body in normal operation.

A practical takeaway

Client-side encryption is strongest when the service stores ciphertext and the user device is the normal place where decryption happens.