Everything you need to know about docstead, from encryption details to pricing.
Because our costs are genuinely low. Zero-knowledge encryption means we store only encrypted blobs—we can't process, analyze, or index your content, so there's no expensive AI or complex infrastructure. Simple app, lean architecture, minimal server costs. We pass those savings on as a fair price.
As long as docstead operates. We run lean—no offices, no investors demanding growth. Our infrastructure (database, hosting, domain) is prepaid for years ahead. This isn't a promise of forever, but a business designed for longevity, not a quick exit.
No. You get a full 7-day free trial with complete access to everything. Test it thoroughly before paying. If it's not for you, don't pay. Once you pay, it's final—it's $10 for lifetime, we keep it simple.
Yes. Purchase a gift code from the Gift page and share it with them. They can redeem it for lifetime access without entering payment details.
No. Documents are encrypted in your browser before they reach our servers. We store encrypted blobs that are indistinguishable from random data. Even if our database were breached, attackers would get nothing readable—just ciphertext without the keys.
XChaCha20-Poly1305 for symmetric encryption of your documents. This is the same algorithm used by Cloudflare, WireGuard, and many security-critical applications. The extended nonce (24 bytes) eliminates nonce-reuse concerns even with many documents.
Your password never leaves your device in plain text. We use Argon2id for key derivation—the winner of the Password Hashing Competition, recommended by OWASP. It's memory-hard, making GPU and ASIC attacks impractical. Your encryption key is derived client-side; we only receive a separate authentication hash.
Your data is unrecoverable. This is the fundamental tradeoff of zero-knowledge encryption. There's no "forgot password" flow because we don't store anything that could decrypt your documents. No backdoor, no recovery key, no admin override. Your password is the only key.
Attackers would get encrypted blobs and password hashes. The blobs are useless without your password. The hashes use Argon2id, which is specifically designed to resist cracking attempts. Your documents remain protected by the encryption you created client-side.
We don't need it. No password resets (impossible with zero-knowledge), no marketing, no newsletters. Your username and password are the only credentials. Less data collected means less data at risk.
No. No Google Analytics, no cookies, no fingerprinting, no third-party scripts. We don't track what you write, when you write, or how you use the app. We literally can't—your documents are encrypted and we don't have telemetry.
Yes. We collect minimal data (username, encrypted documents), don't process personal data for profiling or marketing, and you can export or delete everything at any time. Zero-knowledge architecture means GDPR's "right to be forgotten" is straightforward—delete your account and the encrypted blobs become permanently meaningless.
Your documents remain encrypted. New owners couldn't read them any more than we can. The zero-knowledge architecture is baked into the system—it's not a policy that can be changed, it's how the cryptography works.
Unlimited. No storage caps, no document limits, no artificial restrictions.
Yes. We keep up to 50 versions of each document, all encrypted. You can restore any previous version from the document editor.
No, text only. This is intentional—it keeps the app simple, fast, and focused. If you need image storage, there are better tools for that.
Settings → Export. Choose Markdown or plain text. Documents are decrypted client-side and exported—your data is yours, no lock-in.
24 themes including Rosé Pine, Tokyo Night, Catppuccin, Dracula, Nord, Solarized, Gruvbox, and more. Plus 30+ font choices.
docstead is a Progressive Web App (PWA). You install it directly from your browser—no app store needed. Once installed, it works like a native app with its own icon, splash screen, and window.
Open docstead in Safari (not Chrome or other browsers—iOS requires Safari for PWA installation). Tap the Share button (square with arrow), scroll down, and tap "Add to Home Screen". Name it and tap Add. The app icon will appear on your home screen.
Open docstead in Chrome. Tap the menu (three dots), then tap "Install app" or "Add to Home Screen". Confirm the installation. The app will appear in your app drawer and home screen like any other app.
Safari: Click the Share button in the toolbar, then "Add to Dock". The app will appear in your Dock and work in its own window. Chrome/Edge: Click the install icon in the address bar (or Menu → Install docstead).
Open docstead in Chrome or Edge. Click the install icon in the address bar (looks like a monitor with a down arrow), or go to Menu → Install docstead. The app will appear in your Start menu and can be pinned to your taskbar.
The app shell loads offline, but documents require a connection to sync. We don't store decrypted documents locally for security reasons—if your device is compromised, your documents shouldn't be accessible in plain text on disk.
Any modern browser: Chrome, Firefox, Safari, Edge. We use standard Web Crypto APIs for encryption. Internet Explorer is not supported.
Documents sync automatically when you have a connection. Changes are encrypted client-side, sent to our servers, and synced to your other devices where they're decrypted. Conflict resolution uses last-write-wins with version history as a safety net.
Encrypted documents are stored in a database with edge replication for fast access globally. The encryption happens in your browser—the servers never see plaintext. TLS 1.3 protects data in transit.
Email sup@docstead.com with details about what happened, what you expected, and your browser/device. Screenshots help.
Email sup@docstead.com. We read everything, though we intentionally keep docstead simple—many feature requests conflict with our minimalist philosophy.
Still have questions? Email us at sup@docstead.com