Kagura is a private notes app where your master password never leaves your device. The server stores only encrypted blobs it cannot decrypt.
PBKDF2 with 600,000 iterations derives two keys from it locally in your browser.
An auth key (hashed once more) is sent to verify your identity. An encryption key stays in memory — never transmitted.
AES-256-GCM encrypts your content with a fresh random IV every save. The server receives ciphertext it cannot read.
Your master password derives both an auth key and an encryption key locally. The server never sees either — only an irreversible hash.
Notes are encrypted with AES-256-GCM in your browser before they're sent anywhere. Encrypted blobs are all the server ever stores.
Sign up with a username and password only. No email address, no OAuth, no tracking.
The encryption key lives only in browser memory. After 15 minutes of inactivity your session locks and the key is gone.
No password recovery, by design. If you forget your master password, your notes are unrecoverable, because we truly have no way to read them.
Built on standard Web Crypto APIs (PBKDF2 + AES-256-GCM). No proprietary crypto, no black boxes.
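The derivation and encryption flow described above, written against the Web Crypto API as an added example; it is not Kagura's own code. The page does not state the PBKDF2 hash, how the two keys are separated, the salt source, the second hash, or the blob layout, so those choices (SHA-512, a 512-bit split, a per-user salt, SHA-256, IV-prefixed blobs) and all function names are assumptions.

```javascript
// Added example, not Kagura's code. Items marked ASSUMPTION are not stated on the page.
// Browsers and Node 19+ expose globalThis.crypto; older Node falls back to node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;
const utf8 = new TextEncoder();
const IV_LEN = 12; // 96-bit IV, the standard size for AES-GCM

// Derive both keys locally from the master password.
// ASSUMPTION: one PBKDF2-HMAC-SHA-512 run yields 512 bits that are split in half,
// and `salt` is a per-user random value the server returns at login.
async function deriveKeys(password, salt) {
  const base = await subtle.importKey('raw', utf8.encode(password), 'PBKDF2', false, ['deriveBits']);
  const bits = new Uint8Array(await subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-512', salt, iterations: 600000 }, base, 512));
  // Second half becomes a non-extractable AES-256-GCM key: page script cannot export it.
  const encKey = await subtle.importKey('raw', bits.subarray(32), 'AES-GCM', false, ['encrypt', 'decrypt']);
  // First half is the auth key, hashed once more (ASSUMPTION: SHA-256); only the hash is sent.
  const authHash = new Uint8Array(await subtle.digest('SHA-256', bits.subarray(0, 32)));
  bits.fill(0); // best-effort wipe of the raw key material
  return { authHash, encKey };
}

// Encrypt one save. A fresh random IV per call means the same note never
// yields the same blob twice. Blob layout (ASSUMPTION): IV || ciphertext || 16-byte tag.
async function encryptNote(encKey, plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_LEN));
  const ct = new Uint8Array(await subtle.encrypt({ name: 'AES-GCM', iv }, encKey, utf8.encode(plaintext)));
  const blob = new Uint8Array(IV_LEN + ct.length);
  blob.set(iv, 0);
  blob.set(ct, IV_LEN);
  return blob;
}

// Decrypt a stored blob. The promise rejects if the key is wrong or any byte
// of the blob was modified, because the GCM tag no longer verifies.
async function decryptNote(encKey, blob) {
  const pt = await subtle.decrypt(
    { name: 'AES-GCM', iv: blob.subarray(0, IV_LEN) }, encKey, blob.subarray(IV_LEN));
  return new TextDecoder().decode(pt);
}
```

Because the key is imported with `extractable` set to `false`, `exportKey` on it fails, but it can still be used for decryption by any script running in the page while the session is unlocked.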
Most note apps leave plaintext traces on your device, in backups, and on their servers.
| Kagura | Notion | Apple Notes | Obsidian | |
|---|---|---|---|---|
| Hidden from provider | ||||
| Never written to disk as plaintext | ||||
| Excluded from cloud backups | — | |||
| Invisible in forensic disk image | ||||
| No email / identity required | ||||
| Nothing useful to subpoena | — | |||
| Encrypted at rest on server | — | — | — |
— = not applicable or depends on configuration
We believe in honest security. Here is exactly what Kagura protects you from — and what it does not.
Server breach
The server stores only AES-256-GCM ciphertext. Without your master password, a breach exposes nothing readable.
Forensic disk imaging of your device
Nothing is written to disk by Kagura. No SQLite files, no local cache, no plaintext — unlike native note apps.
Cloud backup (iCloud, Google)
Kagura runs in the browser and writes nothing to device storage, so nothing lands in device backups.
Legal subpoena to Kagura
We can hand over the database. It contains only encrypted blobs and auth hashes. There is nothing else to give.
Live memory forensics (RAM capture)
Decrypted note content and the encryption key exist in browser memory while your session is active. A live memory dump could capture them.
Compromised device (malware)
If malware runs on your device before or during your session, it can intercept keystrokes or read browser memory. No app can protect against this.
Browser history / metadata
Your browser records that you visited Kagura, and when. Note content is never exposed, but the fact that you use the service is not hidden.
No email required. No reset link. Just you and your notes.