Professional Secrecy

Protect
Your Clients.
Secrecy is not optional.

For your business, professional secrecy is not optional. Writtt Pro elevates the confidentiality of your clients' notes to the code level. The readable text of your sessions and consultations only exists in your browser; we send only AES-256-GCM encrypted data to the cloud.

Everything is locked by an unbreakable key derived from the Argon2id algorithm. Work in a complete Rich Text Editor knowing that your clients' privacy is mathematically guaranteed.

Technical Architecture

Know how it works? Like this.

01
// your browser only
const text = "Your words..."

You Type

Content exists only in your browser's memory. Readable text never touches the network. Never. No HTTP request, no WebSocket, no logs — nothing leaves without being encrypted first.

Local memory · Read only
02
// AES-256-GCM
enc:4f9a2b...c7e81d
Argon2id(64MB, 3i, p2)

We Encrypt

AES-256-GCM encrypts every character with a key derived from your password via Argon2id (64MB memory, 3 iterations, parallelism 2). The key never leaves your device.

AES-256-GCM · Client-side
03
7a 4f c2 91 e8 3b 0d f5
a1 6c 88 d4 2e 79 b3 5a
f0 1d c7 63 9e 4b a2 8f
// meaningless noise

We Store

Only the encrypted blob reaches our servers. Without your master password, this data is nothing but meaningless noise. Not us, not hackers, not governments can read it.

Cryptographic noise · Unreadable
Zero-knowledge · Not even Writtt can access your data
Technical Questions

What skeptics ask.

If it's truly zero-knowledge, what happens if I forget my password?+
If you forget your password AND your recovery key, the data is unrecoverable. That's not a bug — it's proof it works. If not even we can recover it, it means not even we can access it. We recommend configuring the Recovery Key on first access.
How do you offer integrated AI without compromising privacy?+
Content is sent to the AI model directly from your browser to the provider (OpenAI, Anthropic, Google) via client-side calls. Writtt never sees readable text in transit. The AI processes and responds directly to your browser.
Is AES-256 really secure? Can't it be broken in the future?+
AES-256 requires 2^256 operations for a brute-force attack — more than the estimated number of atoms in the observable universe. Even viable quantum computers would need Grover's algorithm, reducing it to 2^128 — still astronomically secure.
Can you be legally forced to hand over data?+
We can be legally compelled to hand over what we have: encrypted blobs. Without your password, that data is cryptographic noise. We don't possess your encryption key, we don't store it, we don't transmit it. Handing over noise compromises nothing.
What stops a malicious employee from accessing my data?+
The architecture. There is no internal button, no secret admin panel, no backdoor that gives access to content. All sensitive data in the database ends in '_enc' — columns of encrypted blobs. Without the key derived from your password, they're meaningless bytes.

Your words safe in an unbreakable vault.

Join writers who trust the math, not promises. Real end-to-end encryption, premium editor, integrated AI — without compromising privacy.

Start Writing Free
No credit card required14-day PRO trial free
You only subscribe if the tool is useful to you