That’s a feature, not a bug: Private.Ki's enhanced security measures
Some things in Private.Ki can feel unusual if you’re coming from "normal" email services. You may expect the system to remember everything for you, show you your recovery address, or let support reset your password instantly.
Private.Ki is built differently. Many of these "missing conveniences" are intentional security choices. They exist because we encrypt data in a way that even we cannot read it. That can look like a limitation, but it is the reason Private.Ki is private.
Below are common examples:
“Why do I have to enter my recovery email again?”
You may notice that Private.Ki sometimes asks you to type your recovery email address instead of showing it back to you.
We don’t store your recovery email address in plain text. It is stored encrypted, and we cannot decrypt it. That means we cannot display it to you, and we cannot "confirm it" by reading it.
When you type it in, we can securely match it against the encrypted value we have on record and send a recovery code to that address.
That’s a feature, not a bug.
It prevents anyone with database access, admin access, or a compromised support system from learning your recovery address, and it also prevents us from being forced to disclose your recovery email address to anybody.
It also prevents the recovery address from becoming another piece of personal data that could be leaked.
“Why can’t support reset my password?”
If you’ve forgotten your password, you have to go through the password recovery process.
We cannot reset your password for you because we don’t know it and we don’t store it. Your password never exists on our servers in readable form. Your login is verified using a zero-knowledge protocol called OPAQUE, so there is nothing we can "look up" or "send you".
We don't even store a hash of your password (as many other services do).
That’s a feature, not a bug.
It means no employee, no attacker, and no third party can obtain your password from us. It also means nobody can socially engineer support into "resetting your account" unless you complete the recovery flow.
“Why can’t you recover my passphrase?”
Your passphrase protects your private key and the encrypted data in your mailbox. Only you know it. We do not store it, and we cannot derive it.
WARNING: If you don’t remember your passphrase, you can’t decrypt your data anymore.
That’s a feature, not a bug.
It’s the same principle as a safe deposit box: if the bank doesn’t have a copy of your key, it also can’t unlock your box. That’s the point. It prevents anyone else from unlocking it too.
The difference to a safety deposit box at a bank: We can't even break into your encrypted data by force.
“Why do some features feel stricter than in other mail apps?”
Private.Ki prioritizes security over convenience when the two conflict.
That means some things will feel stricter, for example:
Internal messages are always encrypted and signed.
Some settings are stored encrypted, so we can’t display them back to you in plain text.
Certain actions require you to re-enter secrets because we don’t keep them available server-side.
These are not accidents. They are trade-offs that remove whole classes of risk.
That’s not a bug. It’s the product.