Plume logo Plume
Privacy-First Architecture

Your journal.
Your eyes only.

81% of Americans believe data collection risks outweigh the benefits. Your most intimate thoughts deserve better than a company's server. Plume keeps your journal on your device, locked behind your face.

Source: Pew Research Center, Oct 2023 — survey of 5,101 U.S. adults

Download Plume Compare apps ↓

The privacy problem is real

These aren't hypotheticals. Real companies, real breaches, real consequences.

0%

say data collection risks outweigh benefits

Pew Research, Oct 2023

0

Evernote accounts breached in 2013

CNN, TechCrunch

0

of people store sensitive info in note apps

DuckDuckGo / Spread Privacy survey

When cloud storage fails

A timeline of real incidents involving personal data stored on company servers.

2012

Dropbox

68 million accounts stolen. An employee reused a password from the LinkedIn breach. The full scale wasn't disclosed until 4 years later.

Source: Bitdefender, Dark Reading

2013

Evernote

50 million usernames, emails, and passwords exposed. The note-taking giant that stores people's most personal thoughts.

Source: CNN, TechCrunch

2016

Evernote Policy Change

Evernote announced employees could read users' notes to improve machine learning. Reversed after 48 hours of backlash. CEO: "Our customers let us know that we messed up."

Source: TechCrunch

2018

Timehop

21 million users' personal memories exposed. The attacker had access for 7 months before being detected. Cause: no multi-factor auth on admin accounts.

Source: TechCrunch, MIT Sloan

2022

Microsoft Cloud

2.4 terabytes of customer data from 65,000+ companies across 100+ countries leaked via misconfigured storage.

Source: SentinelOne, Arcserve

Two architectures. One choice.

Where your journal entries live determines who can read them.

CLOUD-BASED

Most journaling apps

Your device Company server They hold keys Employees Gov / Law Hackers Risks: • Data breaches expose all users at once • Company can read your entries • Subpoenas go to the company, not you • Acquisitions change the rules • Policy changes can allow access
LOCAL-FIRST

Plume

Your device Data lives here Encrypted • Face ID locked 🔒 Face ID No server needed How it works: ✓ Journal stored only on your Mac/iPhone ✓ No account needed — no email, no password ✓ Face ID / Touch ID biometric lock ✓ No company can read your entries ✓ No servers to breach ✓ Works offline — no internet required ✓ Optional iCloud sync via Apple

The concept of local-first software was formalized by researchers at Ink & Switch in a 2019 ACM paper defining seven ideals: fast, multi-device, offline, collaborative, long-lived, private, and user-controlled.

Source: Kleppmann et al., ACM SIGPLAN Onward! 2019

Privacy comparison

How Plume stacks up against every major journaling app on privacy. Verified against each app's official documentation.

Feature Plume Day One Journey Penzu Apple Journal
Data stored on your device Optional Optional
No account required
Biometric lock (Face ID)
No company servers Depends
Works fully offline
No data collection Email + analytics Account data Name, email, age On-device ML
One-time purchase Free
Native Apple app Cross-platform Web-based
Structured journaling Templates Prompts

Sources: Day One Privacy FAQ (dayoneapp.com), Journey Privacy Policy (journey.cloud), Penzu (penzu.com), Apple iCloud Security Overview (support.apple.com)

Locked behind
your face

Plume uses Apple's Secure Enclave — a dedicated, isolated security chip that stores your biometric data. It never leaves your device, never gets backed up to iCloud, never gets sent anywhere.

Face ID: 1 in 1,000,000

The probability of a random person unlocking your journal. That's 100x more secure than a 4-digit passcode.

Source: Apple Security Guide

Secure Enclave isolation

Your biometric data is processed by a dedicated chip separate from the main processor. Even if the OS were compromised, the Enclave remains secure.

Source: Apple Platform Security Guide

5 attempts, then lockout

After 5 failed Face ID attempts, the device requires your passcode. Brute-force attacks are physically impossible.

Source: Apple Security Guide

Plume is locked Use Face ID to open your journal

Built on local-first principles

Seven principles defined by Ink & Switch researchers. Plume was designed around all of them.

Fast

No network round-trip. Every action is instant because data is already on your device.

Multi-device

Sync across your Mac, iPhone, and iPad through Apple's iCloud when you choose to.

Offline

Write anywhere. On a plane, in the woods, off the grid. No internet needed, ever.

Private

Your journal never touches anyone else's server. We never see your words.

Long-lived

Your journal works even if we disappear tomorrow. No server dependency means no sunset risk.

User-controlled

Export your data anytime. JSON, plain text. Your data, your format, your terms.

GDPR & CCPA simplified

137 countries have data protection laws. With local-first, most don't apply — because your personal data never leaves your device. No collection means no compliance burden.

Source: Cloud Security Alliance, GDPR Article 20

Start journaling
without compromise

One-time purchase. No subscription. No account. No servers. Just you and your thoughts.

Download for Mac Get for iPhone & iPad