Use case
Most encrypted notepads protect you from the server. Flowvault also helps when the attacker is standing next to you and asking for a password. A decoy password opens a real-looking notebook while your real notes stay unprovable.
30-second proof
Open the same demo vault twice: first with CorrectPassword, then lock and unlock with DecoyPassword. Same URL, same ciphertext on the server, two completely different notebooks.
Flowvault does not just encrypt note contents. It also avoids a visible note list, active-slot bitmap, or metadata trail proving how many notebooks exist. Different passwords derive different slot indexes; each successful password opens its own workspace at the same URL.
Flowvault hides what is inside the vault and whether another notebook exists in the same blob. It does not hide that someone visited your chosen URL from a network observer. If vault existence is dangerous in your threat model, read the security page before relying on it.
The best decoy notebook is not theatrical. It looks like something a normal person would actually keep: shopping lists, harmless notes, a recipe, travel logistics, or low-stakes reminders. The demo's DecoyPassword vault is intentionally boring for that reason.
This feature is easy to over-explain and hard to trust from copy alone. The public demo makes the claim tactile: same URL, two passwords, two different screens. That is the product's core conversion moment.
Flowvault is MIT-licensed and open end-to-end: frontend, Cloud Functions, Firestore rules, and crypto code are public. The server stores opaque ciphertext; your password and plaintext stay in the browser.