Why we added Vault Mode, and how it keeps your notes locked

Three months before launch, a therapist using our beta build asked a single question: 'Can you promise my client notes never leave encrypted storage?' That question shaped everything we built after.

The question that changed our roadmap

We'd designed Scribr to solve a simple problem. People record meetings on their phones. They need those recordings transcribed, summarized, and turned into action items. Most of them use their commute to listen back, jot notes in a coffee shop, or share a quick summary with a colleague.

But a small group of users - therapists, lawyers, researchers working with sensitive data - had a different constraint. They didn't just want privacy. They needed certainty. And certainty meant encryption they could verify, not trust.

We already offered on-device transcription through Whisper and Apple Speech. That audio never leaves your phone. But once you move to cloud transcription (Deepgram, for longer calls or better accuracy), the audio itself stays encrypted in flight. Your notes and summaries, though? They lived in a standard database. Encrypted at rest, sure. But not in a way a compliance officer would sign off on without questions.

So we added Vault Mode. AES-GCM encryption. Client-side. For Pro users and above.

What Vault Mode actually does (and doesn't)

Vault Mode isn't a separate app or a new workflow. It's a setting you flip on. Once it's on, every note you create - whether it's transcribed, handwritten, or a summary Scribr generates - gets encrypted with AES-GCM before it ever syncs to our cloud.

The key stays on your device. We never see it. If you lose your phone, your encrypted notes are useless to anyone who finds it. If a breach happened tomorrow, an attacker would see gibberish.
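To make "encrypted before it ever syncs" concrete, here is an added sketch in Node.js. It is an illustration written for this post's readers, not Scribr's own code. The envelope layout, the function names and the use of the note ID as associated data are assumptions.

```javascript
// Added illustration, not Scribr's code. Names and envelope layout are assumptions.
const crypto = require('node:crypto');

// Device-held 256-bit key. In a real app it would sit in the platform keystore
// and never be sent to the server (assumption for this sketch).
function newDeviceKey() {
  return crypto.randomBytes(32);
}

// Encrypt one note on the client. The note ID is bound as associated data,
// so a ciphertext stored under one ID cannot be served back under another.
function sealNote(key, noteId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(noteId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // This object is everything the sync server would store.
  return {
    noteId,
    nonce: nonce.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), // 16-byte authentication tag
  };
}

// Decrypt on the client. Throws if the key, note ID, nonce, ciphertext or tag
// differ from what was sealed.
function openNote(key, env) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.nonce, 'base64'));
  d.setAAD(Buffer.from(env.noteId, 'utf8'));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// True when openNote refuses the envelope.
function rejects(key, env) {
  try { openNote(key, env); return false; } catch (e) { return true; }
}

// Constructed sample note.
const key = newDeviceKey();
const sealed = sealNote(key, 'note-001', 'Session 4: client reports improved sleep.');
console.log(sealed);                                           // what the cloud sees
console.log(openNote(key, sealed));                            // what the device sees
console.log(rejects(newDeviceKey(), sealed));                  // wrong key
console.log(rejects(key, { ...sealed, noteId: 'note-002' }));  // swapped note ID
```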

What it doesn't do: it doesn't encrypt your audio files themselves if you're using cloud transcription. That's a different problem, and one we're thinking about. For now, if you need the audio encrypted too, on-device transcription via Whisper is your answer - audio never leaves your phone at all, and you don't need Vault Mode because there's nothing to vault.

Where Vault Mode matters is the moment after transcription. Your notes. Your summaries. Your action items. Those get locked.

Why we didn't make it default

We tested making Vault Mode default for everyone. Within a week, we knew it was wrong.

Most people transcribe, skim, and forget. They search their notes months later. They want Scribr Cloud sync to work everywhere. Encryption on the client side means if you log out, or switch devices, or lose your PIN, you lose access until you unlock it. For a sales team sharing action items across a workspace, or a student reviewing notes from last semester, that friction is real.

So Vault Mode is opt-in. Pro subscribers can turn it on. Team and Enterprise users can enforce it across their organisation if they want, because they have GDPR Compliance Modes and audit logs that talk to their legal team anyway.

The biometric lock (face or fingerprint) lives across all tiers, all notes. That's table stakes for security now. But Vault Mode is for the specific case: 'I need to know for certain that these notes are encrypted, that I control the key, and that nothing we discuss leaves my device without that encryption.'

A real conversation from week two

A week after Pro launched, we got a message from a freelance researcher working with NHS data. She'd switched on Vault Mode, used Scribr to record interview notes, and then asked: 'If I enable Vault Mode, do I need to tell my participants their notes are encrypted?'

Good question. The answer is no - but only because the encryption happens on your device, not on a server you don't control. She has the key. She decides when to share. The NHS data protection officer approved it.

That conversation stuck with me because it showed why we'd built it the way we did. Not as a feature for privacy theatre. As something that changes the legal picture. If you're holding someone else's data, and you can guarantee it's encrypted with a key only you hold, you've reduced your liability. Your compliance team will have fewer questions. Your users will trust you more.

We've had three requests since to build the same encryption into action items. We're thinking about it.

Who actually uses it (and who probably shouldn't worry)

It's not for everyone. If you're a sales rep transcribing customer calls, you don't need Vault Mode. You need fast summaries and action items. Scribr does that without the encryption overhead.

It is for you if: you're a therapist with session notes, a lawyer with client information, a journalist protecting a source, a researcher storing sensitive interview data, or anyone else who's answered 'yes' to the question 'Could this note, if leaked, cause harm?'

We've also seen it used by freelancers working with NDAs, consultants in regulated industries, and one memorable case: a founder using it to record board conversations, because her investors wanted to know the notes couldn't be subpoenaed in a way that revealed their encryption wasn't real.

For everyone else, the standard setup works fine. On-device transcription if you want zero risk. Cloud transcription if you need better accuracy or longer audio. Biometric lock on everything. Vault Mode if you need the extra certainty.

What comes next

The therapist who sparked this is still using Scribr. She's asked us twice if we can encrypt the audio itself, not just the notes. We're looking at it. It's harder than it sounds, because it means changing how Deepgram works for us. But if we do it, it would only be in Vault Mode, and only for users who explicitly opt in.

We've also fielded questions about whether Vault Mode can work with Contact Intelligence (Team tier), which lets you tag and share notes about who you spoke to. The answer right now is: no, because sharing encrypted notes with teammates requires sharing the key, which defeats the point. Team+ users who need encryption get Vault Mode; users who need sharing get Contact Intelligence. We're not trying to solve both at once.

What we won't do is sell Vault Mode as military-grade or bank-level. It's AES-GCM, which is solid, standard encryption. It's not unbreakable. It's not forensically invisible. It's just what you'd expect: a locked container that only you can open, because you hold the key.

If you record anything you wouldn't want to read on the BBC, Vault Mode might be for you. But honest question: do you know which of your notes actually need it?
