Sync and your recovery code
OriginText is local-first by default: every note is stored on your device, in your browser's on-device storage, and nothing is sent anywhere unless you opt in. Sync is optional — you can use OriginText indefinitely on a single device with no account and no network access. If you want your notes on more than one device, you can turn on encrypted sync.
How encrypted sync works
When you enable sync, OriginText derives an encryption key from a passphrase you choose. The key is derived on your device using a one-way function, so the key cannot be reversed to reveal the passphrase. The passphrase itself is never transmitted, and the derived key never leaves your device. Your notes are encrypted locally before anything is sent to the sync server, so what the server stores and transfers is ciphertext — an unreadable sequence of bytes.
The sync server routes and stores your encrypted data, but it has no copy of your key. It cannot decrypt your notes, and neither can anyone with access to the server. This design is often called zero-knowledge encryption: the service is structurally prevented from reading your content, not just promised to be good.
The recovery code
When you first set up encrypted sync and choose a passphrase, OriginText generates a recovery code — a long random string that is a second path into your encrypted data. You are shown this code once, during setup. Write it down and keep it somewhere safe: a password manager, a piece of paper in a secure place, or both.
The recovery code exists because passphrases get forgotten. If you lose your passphrase, the recovery code is the only other way to decrypt your notes and regain access to your sync data.
There is no backdoor
This is the hard part: because the encryption key is derived from your passphrase (or recoverable via your recovery code), and neither of those is stored or transmitted, there is no way for OriginText's servers to help you recover access if you lose both. There is no "forgot my passphrase" email reset, because a reset would require the server to have access to your keys — and it doesn't.
If you lose your passphrase and your recovery code, your sync data is permanently inaccessible. The local copy on whichever device you last used remains, but the server copy cannot be decrypted by anyone.
This tradeoff is intentional. Privacy enforced by cryptography is fundamentally stronger than privacy enforced by a policy. The absence of a backdoor is the whole point.
Practical recommendations
- Store your recovery code somewhere durable. A password manager entry is convenient; a printed copy in a physical secure location is a good belt-and-suspenders backup.
- Test the recovery flow on a secondary device before you rely on it. Import your sync credentials and recovery code and confirm the notes appear as expected.
- Your local copy is always yours. Even if you lose access to sync entirely, the notes on any device where you are logged in remain readable and editable — sync loss is not data loss on the local device.