End-to-End Encryption FAQ

Day One encrypts your data and protects your privacy end to end (from the client app to the server).

See our blog post on Day One Encryption

What is end-to-end encryption?

End-to-end encryption uses a private key to encrypt all entries before they reach Day One servers. With the encryption key held locally on the device (and securely in iCloud), maximum security is assured for journal data. This data includes not only text but also all media files added to entries.

How do I use this feature?

End-to-end encryption is enabled by default for all new journals created after version 4.2. For journals not previously encrypted, there currently is not a way to convert a Standard Encrypted Journal to End-to-End Encryption. The dev team has paused this as they look into how to improve this in a future update. For now, please create a new Journal and copy entries over.

What if I lose my encryption key?

When using end-to-end encryption, it is essential that you save your encryption key in a secure location. Day One currently stores the key securely in the iCloud account associated with your Apple ID. If the option to store the key in iCloud is disabled, please save a copy of the key. If the key is lost, encrypted journals stored in Day One Sync cannot be decrypted. Day One does not have access to the private key at any point.

Can I remove my encryption key from iCloud?

Yes. The option to remove the key from iCloud is:

iOS: Settings > Sync > Advanced Sync Settings > Only Store Encryption Key in Keychain

Mac: Settings > Sync > Advanced > Automatically save key to iCloud

Can Apple access my encryption key stored in iCloud?

If you have Advanced Data Protection enabled on your iOS or macOS device, then even if you store your key in iCloud, there’s no way for Apple to access it.

What is standard encryption?

This is the older encryption option that predates end-to-end encryption. Standard encryption encrypts your data “at rest” on our servers and securely transfers the data from our servers to the Day One app. This used to be the default. As of September 2019, new journals are generally created with end-to-end encryption as the default. While very secure, standard encryption requires that Day One staff hold the keys to decrypt journal data.

How can I trust your encryption service? Has it been reviewed by third-party security experts?

After over a year of development work, we enlisted the services of nVisium, a noted security firm, to review our end-to-end encryption architecture. They found four medium-severity risks and three low-severity risks. We have evaluated the remaining items and implemented solutions where we feel they are appropriate.

When was end-to-end encryption released?

End-to-end encryption is included in the 2.2 update for both iOS and Mac.

Does Day One Android support end-to-end encrypted journals?

Day One Android has supported end-to-end encryption since our release update from Day One Classic to Day One.

Does IFTTT work with encrypted journals?

Yes! If Day One is already connected in the IFTTT account, you may need to reconnect it for the encrypted journals to appear. See the troubleshooting steps in this guide: Using IFTTT with Day One

How does end-to-end encryption work with backups?

Day One Android supports two automatic backup methods—Day One Sync and text backups to Google Drive—and one manual backup method—JSON exports. Only Day One Sync backups are encrypted. Text backups and JSON exports are not encrypted. Learn more about backups in Day One Android.

Day One iOS supports three automatic backup methods—Day One Sync, text backups to iCloud, iCloud Device Backups—and one manual backup method—JSON exports. Only Day One Sync backups are encrypted. Text backups, iCloud Device Backups and JSON exports are not encrypted.

Day One macOS supports three automatic backup methods—Day One Sync, text backups to iCloud, Time Machine Backups—and one manual backup method—JSON exports. Only Day One Sync backups are encrypted. Text backups, Time Machine Backups and JSON exports are not encrypted.

Learn more about backups on macOS and iOS.

Can I convert my existing Standard Encrypted Journal to End-to-End Encryption?

Currently, there is no direct way to convert a Standard Encrypted Journal to End-to-End Encryption. Our development team has paused work on this feature to explore ways to improve it in a future update. In the meantime, the recommended workaround is to create a new journal and copy your entries over. You can find instructions on how to move entries to another journal here: https://dayoneapp.com/guides/tips-and-tutorials/moving-entries-to-another-journal/

What if someone else has my encryption key?

You should never share your encryption key with anyone else, even when using shared journals. If someone else has your key, they can access your encrypted journal content. If someone who shouldn’t have access has your key, you will need to create a new account to get a new encryption key.

Is it possible for local malware to read encrypted journal data on macOS?

The macOS app uses a standard system application container, and the operating system's permissions will prevent other applications from accessing it unless the user gives that other app explicit permission. It is not in a special encrypted container, however. If local malware were somehow installed with administrator rights that allow it to bypass those permissions, then it would also be able to read from such an encrypted container whenever the app is running; an encrypted container would not protect the data.

I need more help. How can I contact you?

Please visit https://dayoneapp.com/contact to contact our support service.
