Cairn /kΙ›rn/

Your legacy, protected

Cairn stores some of the most personal things you'll ever create. We take that responsibility seriously. This page explains how your data is protected β€” in plain language first, with technical details available if you want them.

Everything is encrypted

Every piece of content you create β€” letters, photos, videos, voice recordings, documents β€” is encrypted before it's stored. Your data is unreadable without the right keys, even if someone accessed the raw storage.

Your personal information (name, email) and your recipients' information are encrypted too. Even capsule names and descriptions are encrypted.

Technical details
  • AES-256-GCM authenticated encryption for all data
  • Three-tier key hierarchy: server master key, password-derived key (Argon2id), and per-creator Data Encryption Key (DEK)
  • Media files use streaming chunked encryption (64 KB chunks) with unique IVs per chunk
  • Blind indexing (HMAC-SHA256) enables email lookups without exposing plaintext

Your password protects your keys

When you create an account, Cairn generates a unique encryption key just for you. This key is protected by your password β€” derived using a modern, memory-hard algorithm designed to resist brute-force attacks. If you change your password, your key is re-wrapped with the new one.

Technical details
  • Per-creator Data Encryption Key (DEK): 256-bit, randomly generated at registration
  • Key Encryption Key derived from password via Argon2id (64 MB memory, 3 iterations)
  • DEK also wrapped with server master encryption key for operational access
  • Password changes re-derive the KEK and re-wrap the DEK β€” your data is never re-encrypted

Backups you can hold in your hand

When you generate a backup, Cairn creates a fully self-contained archive. It's a folder you can copy to a USB stick and put in a safe, a drawer, or wherever feels right.

Inside, your content is organized by capsule. Letters exist in three formats β€” plain text, formatted markdown, and PDF β€” so they'll be readable decades from now regardless of what software exists. Photos, videos, and recordings are stored as original files. The archive includes a simple viewer that opens in any web browser, no internet required.

The backup is decrypted when generated β€” because its purpose is to survive you. It needs to be openable by someone who doesn't have your password or access to a running Cairn server.

Technical details
  • Backup generated server-side with DEK-based decryption
  • Content stored in plaintext within the archive (intentional β€” durability over encryption)
  • SHA-256 checksums for integrity verification
  • Static HTML/CSS/JS viewer β€” no external dependencies
  • Triple-redundant text content: .txt, .md, .pdf

A quiet β€œare you still here?”

Cairn periodically sends you a check-in email β€” by default, every 90 days. If you respond, nothing happens. If you don't, Cairn sends reminders. After three missed check-ins over 21 days, Cairn begins the release process.

If you've designated an executor, they receive a notification and have 72 hours to confirm or cancel the release. This provides a human safeguard against accidental triggers.

This system is live today, but automated digital delivery to recipients is not yet built. For now, the check-in system serves as the trigger mechanism, and the USB backup is the delivery method. When digital distribution is ready, the check-in system will drive both.

Technical details
  • Check-in interval configurable per creator (default 90 days)
  • Three-stage reminder escalation: 7 days between each
  • Executor notification with 72-hour confirmation window
  • Cryptographically signed check-in and release tokens (JWT, short expiration)
  • Capsules support two release conditions: immediate (β€œon_release”) or time-delayed (β€œtimed”)
  • Timed capsules use independently encrypted keys released by a server-side cron job

Where we're headed

Cairn is actively being developed. Here's what's planned:

  • Automated digital delivery β€” When the check-in system triggers a release, recipients will be notified directly with secure access to their capsules, no USB stick required.
  • End-to-end encryption option β€” For creators who want zero-knowledge encryption where even the server can't read their content.
  • Ongoing security hardening β€” Regular reviews of authentication, authorization, and data protection.

The USB backup will always remain an option. Some things deserve to exist as physical objects.

Questions about security?

Cairn is open source. You can review the code yourself.