Security

Last updated: 2026-05-02

Singletick is a zero-knowledge productivity app. Everything you create is encrypted on your device before it touches storage, with a key derived from a passphrase only you know. We have no copy of your data, no key to decrypt it, and no way to read it even if compelled to.

How your data is protected

• Encrypted on your device. Every entry — habit, todo, note, pledge, mood entry, focus session — is sealed with strong, modern encryption before it is written to storage.
• Key never leaves your phone. The encryption key is derived from your passphrase using a memory-hard key-derivation function and stored in your device's secure enclave. We never see it.
• Backup is yours. If you enable Pro backup, the backup blob is sealed with a key derived from the same passphrase and uploaded to your own Google Drive or iCloud as opaque ciphertext. Singletick has no access to your cloud account.
• 2FA (Pro). Optional second-factor unlock using any standard authenticator app.
• Recovery key (Pro). A printable secondary key you can store offline as a backup against a lost passphrase.

How to report a vulnerability

Email hello@juleshq.co with as much detail as you can — repro steps, affected version, your proposed severity. We'll acknowledge within 72 hours and work with you on a coordinated-disclosure timeline.