Before You Begin

Read this page fully before creating an account.

Use a VPN or Tor Browser before continuing. The app itself never sees or logs your real IP for anything it does on your behalf - but that protection only covers the app's own server, not your own device or network. Set that up first, on whatever device you'll use to reach the app.

VPN vs. Tor - they are not the same thing

A VPN hides your IP address from the sites you visit, but your browser still has a unique fingerprint - screen size, fonts, timezone, installed plugins - that can identify you across sites without ever needing your IP. Tor Browser is specifically built so that most users look identical to each other, which a VPN alone does not do. If your situation carries real risk, Tor Browser is the stronger choice - download it at torproject.org/download.

Private/incognito browsing is not anonymity

Private or incognito mode only avoids saving history on your own device. It does nothing about your IP address or your browser's fingerprint. Don't rely on it as a substitute for a VPN or Tor.

Don't stay logged into your personal accounts

An open Gmail, social media, or other personal account tab in the same browser session is a correlation risk, regardless of whether you're using a VPN or Tor. Use a separate browser, or a clean session with nothing else open, for this work.

Think about the device, not just the browser

Is the device you're using already tied to your identity in other ways - a work laptop, a phone with everything logged in? For higher-stakes situations, a separate or dedicated device is worth considering. A VPN on your home or work network still means that network knows VPN traffic originated from you at a specific time; for higher-risk situations, public wifi plus a VPN or Tor is a stronger combination.

A short note on phones

A fuller mobile security guide is planned for later - a few quick notes for now:

Basic device hygiene

For the highest-stakes situations, consider Tails instead of your regular operating system - a free, Linux-based system that boots from a USB stick, forces all internet traffic through Tor, and leaves no trace on the computer it's run from once shut down. It's the option journalist security guides (Freedom of the Press Foundation, EFF, and others) most often point to when the stakes are real, since it solves most of the device-hygiene concerns above at once rather than one at a time.

Keep identifying details out of your notes

Do not write your own name, a source's name, contact information, or other identifying details directly into a case in the app. If you need to record something like that, keep it in a local encrypted volume on your own device instead - VeraCrypt is a solid, free, well-regarded option for that.

What this app protects, and what it cannot

The app's own design: no email or identity collected at any point, encrypted notebooks the operator cannot read, and source archiving that always routes through the app's own server - never your IP - when saving a page to the Wayback Machine. It cannot protect you from your own device being seized, from being coerced, or from what you choose to type into a note. Those are yours to manage - the guidance above is the best we can offer, not a guarantee.

For what it's worth: this app's server is physically located in Canada, hosted by a UK-based company. Both have real privacy law frameworks (PIPEDA and provincial law in Canada; UK GDPR and the Data Protection Act in the UK). We're not lawyers and won't make specific legal claims about what that means for any particular situation - cross-border legal process is genuinely complicated - but we think it's honest to tell you plainly where the server actually sits rather than leave it unstated.

You shouldn't have to just take our word for any of this. The source code will be made publicly available on GitHub once debug and testing is complete, so the claims above can be verified by anyone - see the Project page for details.

Creating your account

There's no email and no username - your password is your entire login. Choose one at least 16 characters long, or use the built-in generator on the signup form. A memorable original sentence works well and doesn't need to be complicated.

When you create your account, you'll be shown a one-time recovery key. This is your only backup if you ever forget your password - save both your password and this recovery key somewhere safe (a password manager, or a secured physical note) before you need them, not after.

If you lose both your password and your recovery key, your account and everything in it is permanently and irreversibly gone. There is no "forgot password" email reset, and there is no way for us - or anyone - to recover it for you. That tradeoff is deliberate: it's what makes the anonymity real, since a recovery path is also a path that could be compelled to hand over access.

Log in periodically

If you do not log in at least once every 45 days, your account and all of your cases are permanently deleted, with no warning beforehand. This is deliberate: if you're ever unable to log in for any reason - including detention - your data does not remain on the server indefinitely waiting to be found. Logging in resets the clock, so periodic use is all it takes to keep a case alive; there's no way to warn you in advance since there's no email to warn you with.

Working with a team? There is no case-sharing feature in the app, by design - a shared login would mean one compromised team member exposes everyone else, with no way to revoke just their access. Each person should register their own separate account, and compare notes through whatever channel your team already trusts for sensitive coordination (in person, Signal, etc.).
Continue to the App