4 min read

Plain English Threat Model

Security is about being honest about risk. This model explains exactly what we protect against—and what we don't.

Protected Against

Database Leaks
Your Idea content is stored encrypted. Even if our database was fully leaked, your text remains unreadable as plaintext.
API Key Safety
We only store hashes of your API keys. We cannot see them, and they are shown to you only once at creation.

Where You Play a Part

Compromised Devices
If malware has access to your unlocked device, it can see your data just like you can. Secure your hardware!
Account Takeover
If someone gets your password/account credentials, they have access to your workspace. Use a unique, strong password.

Security Checklist

Strong Password FaceID / TouchID Revoke Unused Keys Disk Encryption

Learn more

Encryption Overview →

How we secure your content.

Data Residency →

Where our servers are located.

Last updated: February 2026

Report an issue