Why Hexys Cannot Read Your Journal, Even If It Wanted To

When you write in a recovery journal, you are writing the most honest, unguarded version of yourself. You are writing about urges you did not act on, days you failed, and patterns you are only beginning to understand. That kind of writing requires a level of trust that most apps have never earned.

Most recovery apps store your journal entries in plaintext. That means the text you typed is sitting, readable, in a database somewhere. The company that built the app can read it. Their employees can read it. If their servers are breached, whoever broke in can read it too. They may have a privacy policy that says they will not, but a policy is a promise, not a technical guarantee.

Hexys was built around a different principle entirely. We wanted it to be technically impossible for anyone to read your journal except you.

How the encryption actually works

When you write a journal entry in Hexys, your device encrypts it before it ever leaves your phone. We use AES-256-GCM encryption, which is the same standard used by banks, governments, and security researchers worldwide. The encryption key is derived from your device and never sent to our servers.

What reaches our servers is ciphertext. That is the encrypted version of your entry, which looks like random noise to anyone who does not have your key. We store only that. There is no decryption key on our side, no backdoor, and no way to reverse the process without the key that only your device holds.

This is what zero-knowledge architecture means in practice. It is not a marketing phrase. It is a description of what is mathematically possible. We cannot read your journal entries. Neither can anyone else.

Biometric lock and screen capture prevention

Encryption protects your entries in transit and at rest, but we also protect them on your device. The journal section of Hexys requires biometric authentication to open, so even if someone has your phone, they cannot access your entries without your face or fingerprint. Screen capture prevention is also active inside the journal, so your entries cannot be screenshotted or recorded by other apps running in the background.

What about Arcos?

Arcos, the AI companion inside Hexys, does not have access to your journal. It never reads your entries on its own. What Arcos knows is your streak, your recovery profile, and whatever context you choose to share with it directly in conversation.

If you want Arcos to help you think through something you have written, you can share it yourself. That choice is always yours. The design here is intentional. We believe your journal should be a space where you write without filtering yourself, and the only way to protect that is to make sure nothing reads it without your explicit, in-the-moment decision to share.

Three identities, architecturally unlinkable

The privacy architecture in Hexys extends beyond the journal. Every user has three separate identities: a display name that only you and Arcos ever see, a pod alias that is visible only to your five-person recovery pod, and a community alias used in the broader Hexys community.

These identities are not just kept separate by a setting or a policy. They are architecturally unlinkable, meaning there is no database join path between them. Someone with access to the community cannot trace a post back to a pod alias, and a pod alias cannot be traced back to a real identity. The structure of the data makes the connection impossible, not just unlikely.

Why this matters more right now

The past few months have made clear that app security in this category is not a given. When a platform stores sensitive user data carelessly, the consequences for real people are serious. For anyone working through something as personal as compulsive behavior, the exposure risk is not abstract.

Building with privacy at the architecture level rather than the policy level is harder. It means we cannot offer certain features that require reading user data. It means we have to think more carefully about every design decision. We think that tradeoff is worth it, and we think users in this space deserve nothing less.

Your journal is yours. We built Hexys to make sure it stays that way.