quickpeach
Manual

Security & recovery

Your recovery phrase, the encrypted vault, two-factor, and account deletion.

QuickPeach encrypts everything sensitive so only you can read it — not the server, not us. This page explains the recovery phrase, two-factor sign-in, and what to do if you ever need to restore access.

Your recovery phrase

Recovery phrase
Your master key for encrypted data. Written down offline, it's the only way to recover — we never see it.
Make sure no one is looking at your screen.

When you first use encrypted features, QuickPeach generates a recovery phrase — a sequence of words that is the master key to your encrypted data (synced notes and backups).

Write it down and store it offline. This is the single most important thing you can do. QuickPeach never has a copy of it — if you lose it, encrypted data cannot be recovered by anyone.

To access your phrase:

  1. Settings → SecurityRecovery phrase.
  2. Authenticate with your password or biometrics.
  3. Write down each word in order.

You can also export a recovery bundle — a file containing everything needed to restore your vault on a new machine. Store it somewhere safe, separate from your phrase.

Verify your phrase

Go to Settings → SecurityVerify recovery phrase and type it back in. Do this once when you set it up to confirm you wrote it down correctly. It takes 30 seconds.

Biometric unlock

On supported devices, you can unlock the encrypted vault with Touch ID (macOS) or Windows Hello instead of re-entering your phrase each time. Enable it in Settings → Security → Biometric unlock.

Biometrics unlock access locally on your device. They don't replace your recovery phrase — you still need the phrase to restore on a new machine.

Two-factor authentication

Set up two-factor authentication
Add a 6-digit code from your authenticator app at sign-in.

Scan with your app

  1. Open Google Authenticator, 1Password, or Authy.
  2. Scan the QR — or enter the key manually:
JBSW Y3DP EHPK 3PXP

Enter the 6-digit code it shows:

Add a one-time code from an authenticator app as a second step at sign-in.

Set it up:

  1. Settings → SecurityTwo-factor authenticationSet up.
  2. Scan the QR code with Google Authenticator, 1Password, Authy, or any TOTP app.
  3. Enter the 6-digit code to confirm it's working.

After setup, every sign-in asks for your email magic link and a 6-digit code from the app.

Turn it off: go back to Settings → Security → Two-factor authentication and disable it. You'll need to authenticate once to confirm.

Account deletion

To permanently delete your account and all associated data:

  1. Settings → SecurityDelete account.
  2. Read the warning — deletion is irreversible.
  3. Confirm. The app processes the deletion immediately.

Your local notes are not deleted — they stay on your machine as plain Markdown files. Only your account and synced/server-side data are removed.

If you lose your recovery phrase

Local, unencrypted notes on your device are unaffected — they're plain files and always accessible.

Encrypted synced data and backup archives cannot be decrypted without the phrase. This is by design: end-to-end encryption means nobody else can access your data, which also means nobody else can recover it.

If you're still signed in on a device, you can:

  • Export a new recovery bundle from Settings → Security → Recovery phrase.
  • Set a new phrase if you still have an active session.

If you are fully locked out of your account and have no active session and no phrase, synced data cannot be recovered.

Sync & backup

Hosted note sync, version history, conflicts, and encrypted backups.

Settings reference

Every tab in Settings, top to bottom.

On this page

Your recovery phraseVerify your phraseBiometric unlockTwo-factor authenticationAccount deletionIf you lose your recovery phrase