When you enable Grid Diary Sync, your data is stored on a secure database provided by Grid Diary and only the developer is allowed to access that data. But since the data is stored as plain text so anyone has that data have no problem reading it (we as the developer, hackers, or our service providers).
The solution is end-to-end encryption. End-to-end encryption utilizes a private encryption key to encrypt all entries before they reach the Grid Diary sync servers. With that, no one can read your data on the servers, even us.
How does it work?
The app will generate a random encryption key. The key then will be encrypted with another random generated encryption passphrase. With possession of the encryption key stored locally on the device, maximum security is assured for your data.
The app will encrypt data using the encryption key so your data is always encrypted before sending to the servers.
When a new device join, the app will ask for the passphrase to decrypt the encrypted-encryption-key then store it on that device for later use.
What will be encrypted?
Text and photos of your entries, the title of your journals. Please note that the tags and your custom prompts and quotes are currently not encrypted.
What if I forgot my encryption passphrase?
Only you keep the passphrase. Without it, you can't decrypt data on a new device. Grid Diary does not have access to the encryption key at any point. It is your responsibility to keep the encryption key in a safe place.
Grid Diary also offer a feature to store your encryption key securely on iCloud through your Apple ID, so you don't have to enter the passphrase manually on all your Apple devices. This feature is on by default.
How to set up end-to-end encryption?
Preparation 1: All clients must be upgraded to the latest version (3.0.0+) in order to support end-to-end encryption. If you have a device that cannot be upgraded to the latest version, that device will not be able to decrypt data properly.
Preparation 2: If you are already using the sync service, please make sure the sync has been completed successfully. Check if the data on the current device has been fully synchronized, otherwise there will be a risk of losing data. Also, when you set up encryption for the first time, please use only one device for operation, and temporarily turn off the sync function on other devices or quit the application completely.
Select the journal you want to encrypt, enter the journal settings, and select "Encrypted" from the encryption options at the bottom.
Then you will be automatically taken to the encryption settings view. Tap "Create Encryption Key" and your encryption key will be created.
If you have a large amount of data, please be patient and wait for the sync to complete.
After the sync is complete, then re-enable the sync function on other devices in turn and wait patiently for the sync to complete. If the application automatically pops up a screen to enter the passphrase, please paste or scan the QR code on that screen to enter the passphrase.
How to check the encryption password?
iOS / iPad OS: Tap the top left avatar - Sync - View Encryption Key
macOS: Main Menu - Preferences - Sync - View Encryption Key
Android: Tap the top left avatar - Data - View Encryption Key