Skip to main content
How MoodHaven Protects Your Journal

How MoodHaven Protects Your Journal

May 23, 20253 min readby Ken LaCroix

When you write in MoodHaven Journal, your entries are more than just saved — they're safeguarded.

Here's how MoodHaven keeps your journal private, both on your device and (optionally) in your own cloud.

1. Local Encryption, Always

Every journal entry is encrypted on your device before it is ever stored.

We use AES-256-GCM — a strong, authenticated encryption standard. Your entries aren't just password-protected — the text of every entry is encrypted at the data level, so someone who reached your device's storage would see only ciphertext where your writing lives. A small set of fields is kept in plaintext on purpose so the app can show mood trends and tag views without decrypting everything: mood scores, dates, tag names, and optional location. As of 1.8.0 the database file itself is also encrypted at rest, so those fields are protected on disk too. (In earlier versions that database-level layer didn't engage — see the note below.)

Your encryption key is never stored anywhere. It's derived fresh from your password each time you unlock the app.

2. PBKDF2 Key Derivation

When you set your MoodHaven password, the app doesn't use your raw password directly. Instead, it derives a strong cryptographic key using PBKDF2-HMAC-SHA256 with 600,000 iterations.

This means an attacker who somehow obtained your encrypted database would face an enormous computational cost to guess any password.

You own your key. No servers, no password resets, no hidden copies. If you forget your password, we genuinely cannot help you recover it — because we don't have it.

3. Per-Entry Salts

Each journal entry uses its own random 16-byte salt during key derivation. This means that even if one entry's encryption were somehow compromised, it wouldn't affect any other entry.

Your journal isn't a single encrypted blob — it's a collection of individually protected pieces.

4. Optional Encrypted Sync

If you choose to sync, only encrypted blobs are transferred. MoodHaven never sends raw or decrypted data — not even to private clouds or your own servers.

You control where the ciphertext lives. MoodHaven just moves it.

A correction worth making

Versions of MoodHaven before 1.8.0 advertised database-level encryption at rest that didn't actually engage — a key-format bug meant the database file stayed unencrypted on disk. Entry text was never affected (that's the per-entry AES-256-GCM layer above, which always worked), but the plaintext metadata fields were readable to anyone with the database file. It was never reachable over a network. We found this through our own security testing, fixed it in 1.8.0, and verified the fix on the shipped build. If you're on an older version, update — and delete any old database backups, which remain unencrypted. You can read the full story in How We Stress-Tested the Privacy in Your Journal.

Why This Matters

Most apps talk about privacy. MoodHaven is built around it — and when we get something wrong, we say so and fix it in the open.

There are no backdoors. There are no analytics. There is no secret server. The source code is public — you can verify every claim in this post by reading it.

You write. MoodHaven protects.

Try MoodHaven Journal

Free, open-source, and private. Your journal stays on your device — always encrypted, never shared.