Security

Your Letters, Protected

Security isn't an afterthought—it's the foundation of everything we build.

Encryption

AES-256-GCM encryption for all letter content with unique keys per record.

Infrastructure

Enterprise-grade cloud infrastructure with multiple layers of protection.

Access Control

Strict access controls ensure only you can read your letters.

01 Security Overview

At Capsule Note, we understand that you're entrusting us with your most personal thoughts and memories. We take this responsibility seriously and have built our platform with security as a core principle.

Our security architecture is designed around the concept of "zero knowledge"—meaning we cannot access your letter content, even if we wanted to. Your letters are encrypted on our servers, and only you hold the keys to decrypt them.

02 Encryption

All letter content is encrypted using industry-standard encryption algorithms:

Zero-Knowledge Architecture

We cannot read your letters. Your content is encrypted before storage using keys derived from your account, making it mathematically impossible for us to access your letter content.

Technical Specifications
Algorithm: AES-256-GCM
Key Derivation: HKDF-SHA256
Transport: TLS 1.3
Nonce: 96-bit unique per record

Each letter is encrypted with a unique nonce, ensuring that even identical content produces different ciphertext. Key rotation is supported to allow periodic key updates without re-encrypting all existing content.
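The scheme in the specifications above can be sketched as follows. This is an added example, not Capsule Note's code: the envelope layout, the key-version byte used for rotation, the "letter:" HKDF info label, and the record ids are all assumptions made for illustration.

```javascript
// Added example, not Capsule Note's code. Envelope layout is an assumption:
// [1-byte key version][12-byte nonce][16-byte GCM tag][ciphertext]
const nodeCrypto = require('crypto');

// HKDF-SHA256 turns one master key into a distinct 256-bit key per record.
function deriveRecordKey(masterKey, recordId) {
  const okm = nodeCrypto.hkdfSync('sha256', masterKey, Buffer.alloc(0),
                                  `letter:${recordId}`, 32);
  return Buffer.from(okm);
}

function encryptLetter(keyring, version, recordId, plaintext) {
  const header = Buffer.from([version]);
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', deriveRecordKey(keyring[version], recordId), nonce);
  // Bind version and record id so a blob cannot be moved to another record.
  cipher.setAAD(Buffer.concat([header, Buffer.from(recordId)]));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([header, nonce, cipher.getAuthTag(), ct]);
}

function decryptLetter(keyring, recordId, blob) {
  const master = keyring[blob[0]]; // stored version picks the key
  if (!master || blob.length < 29) throw new Error('unknown key version or short blob');
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveRecordKey(master, recordId), blob.subarray(1, 13));
  decipher.setAAD(Buffer.concat([blob.subarray(0, 1), Buffer.from(recordId)]));
  decipher.setAuthTag(blob.subarray(13, 29));
  // final() throws if the tag, AAD, key, or ciphertext do not match.
  return Buffer.concat([decipher.update(blob.subarray(29)), decipher.final()])
    .toString('utf8');
}

// Constructed sample data: random master keys, hypothetical record ids.
const keyring = { 1: nodeCrypto.randomBytes(32) };
const oldBlob = encryptLetter(keyring, 1, 'rec-001', 'Dear future me');
keyring[2] = nodeCrypto.randomBytes(32); // rotation: new writes use version 2
const newBlob = encryptLetter(keyring, 2, 'rec-002', 'Dear future me');
console.log(decryptLetter(keyring, 'rec-001', oldBlob), newBlob[0]);
```

Because each blob records the key version it was written under, records written before a rotation stay readable without being re-encrypted, as long as the old master key remains in the keyring.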

03 Infrastructure Security

Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of security:

  • SOC 2 Type II compliant cloud infrastructure
  • Database encryption at rest and in transit
  • Automated daily backups with point-in-time recovery
  • DDoS protection and Web Application Firewall (WAF)
  • Network isolation and VPC architecture
  • Regular vulnerability scanning and patching

04 Access Control

We implement strict access controls to protect your data:

  • Multi-factor authentication for all administrative access
  • Role-based access control (RBAC) with least-privilege principle
  • Comprehensive audit logging of all data access
  • Regular access reviews and certification
  • Secure development practices and code review
  • Employee security training and background checks

05 Compliance

We maintain compliance with industry standards and regulations:

GDPR

Compliant with EU data protection requirements

CCPA

Compliant with California privacy requirements

TLS 1.3

Latest transport layer security protocol

AES-256

Military-grade encryption standard

06 Security Reporting

We take all security reports seriously and appreciate the security research community's efforts to help keep Capsule Note safe.

Report a Vulnerability

If you believe you've found a security vulnerability in Capsule Note, please report it responsibly:

security@capsulenote.com

We will acknowledge receipt of your report within 48 hours and provide regular updates on our investigation. We do not pursue legal action against security researchers who follow responsible disclosure practices.
