// security

Trust shouldn't be a promise. It should be the architecture.

Retia holds your thinking — so it's built so we can't read it. Operator-blind by design, encrypted by default, and yours to take entirely off our hands if you choose.

We can't read what you don't open.

Standard Mode: zero-knowledge, like a bank vault.

For your most private work, Retia offers something most tools can't: true zero-knowledge encryption. Your content is encrypted in your own browser, before it ever reaches us. We receive nothing but ciphertext — and the key to open it never leaves your device. It's the same principle that protects serious financial systems: the operator holds the locked box, but never the key.

Encrypted on your device

Content is sealed in your browser. What reaches our servers is already unreadable — we never see the original.

The key stays with you

The decryption key never leaves your device. Not stored on our servers, not recoverable by us. No key, no read — by design.

Invisible to the AI, too

Standard Mode notes are dropped from search entirely, and can't be fetched by any agent or the operator. Truly private means private from everyone.

For everyday work, Smart Mode keeps notes searchable and AI-usable — with sensitive layers encrypted server-side. You choose, per note, where each piece of knowledge lives.

How that's true, not just said.

Encrypted by default

Notes are encrypted before they rest, and sensitive ones open only when you unlock them. Choose Standard Mode and encryption happens in your browser — zero-knowledge, so not even we can decrypt it. The default posture is closed, not open.

Operator-blind

We run the service, but we're built not to see into it. The operator cannot read what you keep closed — yet the agent you authorize still can. That's the point: your secrets stay invisible to us, while the agent you trust acts on your behalf. Privacy that doesn't cost you usefulness.

Self-host, your keys

If you'd rather trust no one at all, run Retia on your own database with your own keys. Then there's nothing for us to see, by construction. The most private option isn't a feature you ask for — it's a door we leave open.

Append-only by nature

Your knowledge isn't silently overwritten or hard-deleted. History is preserved; changes layer on top. What you've built can't quietly vanish — a safeguard against both mistakes and tampering.

What we commit to.

Your data is yours. We don't sell it, train on it, or mine it.
Encryption is the default. Closed first, opened only by your choice.
Export anytime. Your knowledge is portable — Retia travels with you, never holds you hostage.
KVKK & GDPR aligned. Built as a data processor, with regulated work in mind.
Independently reviewed. Security is checked by separate eyes at every major milestone, not self-graded.
We don't want to own your mind.
We want to be the ground it stands on.

Found something?

Security is a practice, not a finish line. If you believe you've found a vulnerability, we want to hear from you — quietly, directly, and with our gratitude. Responsible disclosure makes Retia safer for everyone who trusts it.

Reach us at [email protected] — we read every report.

Hold your thinking safely.

Start free Read the manifesto