We are using Argon2 for password hashing (both on client and server side) and as a KDF. The key is generated client-side on the user's browser/mobile and saved in a secure storage (IndexedDB on the browser & OS Keychain on mobile).
For data encryption we use XChaCha20-IETF-Poly1305 using the well known libsodium library. All the data is encrypted on user's device before being sent to the server.
We are using Argon2 for password hashing (both on client and server side) and as a KDF. The key is generated client-side on the user's browser/mobile and saved in a secure storage (IndexedDB on the browser & OS Keychain on mobile).
For data encryption we use XChaCha20-IETF-Poly1305 using the well known libsodium library. All the data is encrypted on user's device before being sent to the server.
The main details on how all data with the app is handled is available here: https://notesnook.com/privacy