The zero-knowledge architecture is clever here. One thing I'd be curious about—how do you handle key derivation from the passphrase? I've been building PrivaVault (encrypted doc management, launching in a week) and spent far too much time on this exact problem. We ended up using Argon2id with high iteration counts, but it creates this tension between security and UX since key derivation on every decrypt can feel sluggish on mobile. I would be interested in understanding the tradeoffs you made in this situation.

That is a brilliant idea. I wish you to put enough ads to survive because I hate giving my credentials to some privnote service. I will promote your service in local CP community to replace the old instrument.