Encrypted cloud sync for Markdown files that project as real local files on desktop. Write in WYSIWYG or raw source — fully compatible with VS Code, Claude Code, and your daily compiler tools.
Decentralized & Secure Workflow Pillars
Writedown pairs the zero-knowledge security you expect with the modern integration workflows required by active developer and engineering setups.
E2EE Vaults provide true zero-knowledge privacy. Security keys are derived locally via Argon2id from a recovery phrase and hardware seed, wrapped safely inside Web Workers.
Managed Vaults utilize encrypted key recovery managed by AWS KMS, allowing seamless onboarding and account recovery without losing standard encryption integrity.
No proprietary formats, SQL bloat, or lock-in. Every file is structured as pure Markdown under the hood. Export, version control via Git, or open in any plain text compiler instantly.
Compose in a clean, visual rich-text layout using block editing or toggle immediately into side-by-side Markdown source when editing precision is required. Two perspectives, zero artifacts.
Your notes reside locally first in IndexedDB via Dexie.js for instant, offline editing. When connected, changes sync to secure cloud vaults silently in a background worker loop.
Publish documents using brief share links. The AES decryption key is appended as a URL hash fragment, meaning it resides solely in the client and is never transmitted to our servers.
Log in utilizing biometric checks like FaceID, TouchID, or security keys via WebAuthn. This passwordless setup ensures protection against phishing and key interception vectors.
Decide where you draw the security perimeter. Whether you require absolute E2EE math or server-assisted key management, all data is encrypted via client-side AES-256-GCM.
A random 256-bit AES key is generated on your device to encrypt all vault data. The CEK never leaves your browser cleartext.
A master key is derived from a 12-word recovery phrase using Argon2id. The derived key wraps the CEK for remote recovery backup.
Daily sessions cache keys strictly in-memory (never in IndexedDB or localStorage). The moment you lock the vault or close the tab, all decryption keys are completely purged from device memory.
A 256-bit AES key is generated locally at vault creation. Data is encrypted inside browser threads using Web Crypto.
Your vault CEK is wrapped and stored using AWS Key Management Service (KMS), providing hardware-backed envelope encryption.
Access keys are recovered upon successful identity authentication. Simpler onboarding, omitting the risk of recovery phrase loss.
Detailed explanations on Writedown's local directory sync, security borders, and dev tools.
Writedown operates a lightweight local background daemon on your desktop. When you authenticate and unlock an E2EE vault in the application, the daemon decrypts files in-memory and projects them as real local files in a designated local directory. You can edit these files using VS Code, Claude Code, or command-line scripts. The moment you lock the vault or log out, the local folder is securely wiped, leaving only encrypted ciphertext in your secure cloud storage.
Writedown saves document databases locally inside IndexedDB via Dexie.js for instant access. Syncing backs up encrypted files to private, version-controlled cloud storage. In E2EE mode, cloud storage only stores AES-256-GCM encrypted chunks. In Managed mode, vault keys are stored securely using AWS KMS. The KMS key is a client-specific key protected directly by your account credentials via Cognito identity policies, meaning decryption can only be initiated within your active authenticated session.
Our VS Code extension lets you browse and search private Markdown notes within your IDE. It features prompt context bundling, allowing you to select several specification files, notes, or code documentation snippets from your vaults, compile them into an optimized Markdown context payload with automatic token metrics, and inject them into tools like Claude Code or local LLMs.
Yes. Writedown includes a responsive web layout that functions as an offline Progressive Web App (PWA). Native iOS and Android applications supporting hardware seed authorization are currently in active beta testing for waitlist members.
No, Writedown currently requires an active internet connection to authenticate and synchronize your vaults. Offline-first editing (caching updates locally in your browser's IndexedDB and syncing when reconnecting) is on our product roadmap.
Because Writedown is Markdown-native, there are no proprietary formats. If you use our local filesystem sync, your files are already plain .md documents stored in a standard local directory on your hard drive. You can also export your entire vault as a ZIP file containing standard Markdown documents at any time from our app settings, meaning you are never locked into our platform.
Not yet, but it's on our roadmap. Please send us feedback if you want this feature to get prioritized, along with potential use cases if you're comfortable sharing ideas.
Writedown supports standard relative Markdown image paths (e.g., ). You can drag and drop images directly into the editor; they are automatically saved into an assets folder within your vault, encrypted alongside your text, and synchronized to your secure vault. When using our local filesystem sync daemon, the images project on your computer as standard files, allowing your local editor previews (like VS Code) to display them automatically.
