NimbleCal uses end-to-end encryption to keep your calendar private. Calendar content you save in the app is encrypted before storage or sync, and the keys needed to read it do not leave your devices in plaintext.
Password requirements
Use 12 or more characters for your NimbleCal password. NimbleCal does not require symbols, numbers, or mixed case, so a passphrase or password manager-generated password works well.
NimbleCal's account system checks new passwords against the Pwned Passwords list (part of Have I Been Pwned) during signup and password reset. The check uses k-anonymity, so the password itself is not sent to Have I Been Pwned. If the password has appeared in a known data breach, NimbleCal asks you to choose a different one.
NimbleCal accepts passwords up to 72 bytes. For basic ASCII passphrases, that usually means up to 72 characters. Accented letters, emoji, and some non-Latin characters can take more than one byte each, so the character count may be lower. If your password is rejected as too long, shorten it and try again.
Why you might see an "Unlock your encrypted data" prompt
NimbleCal takes a security-first browser approach. By default, after a full browser close or restart, it does not keep a reusable local unlock path available. That means you may need to unlock your encrypted data again when you come back.
Why make that tradeoff? Because fewer unlock prompts usually mean keeping unlock-capable material available on-device for longer. In a browser, that raises the local-device risk tradeoff, especially on shared devices or in browsers with extensions. NimbleCal prefers a fresh unlock when local unlock state is gone instead of leaving a reusable browser unlock path available for longer by default.
In NimbleCal, sign-in and unlock are related but separate:
- Sign-in connects your account so NimbleCal can sync your encrypted data.
- Unlock lets this device read your encrypted calendar locally.
Desktop and mobile apps can often rely on OS-backed secure storage and biometrics for faster reopening. Web apps do not get the same storage model, so they make different tradeoffs between convenience and how long a device stays locally unlockable.
If you use a trusted device, you can enable Quick unlock in Settings. Quick unlock lets you use your face, fingerprint, or device PIN instead of typing your password each time. It uses your device's built-in authentication to protect a local unlock credential that stays on that device and is released only after device verification. Quick unlock is a trusted-device local unlock helper. It does not move your encryption key to a brand-new device, and it is not account recovery on its own.
You are most likely to see this prompt when NimbleCal cannot restore your local unlock state automatically, for example on a new device, after all NimbleCal tabs have been closed, or after a browser restart. If Quick unlock is available on this device, the screen still appears but offers a device-unlock option you can use instead of your password. On a brand-new device, you still need your NimbleCal password until you set up Quick unlock there too.
Changing your password safely
If you still know your password, you can change it safely.
Important: A password reset needs to update encryption keys too. NimbleCal will guide you through this and may ask you to open the reset link on a device where your calendar is already unlocked or where Quick unlock is already set up.
If your email app opens the reset link in an in-app browser, you may need to copy the link and open it in the browser where NimbleCal is already unlocked. The reset page includes a "Copy reset link" button to make this easier.
If you forgot your password
Because your calendar content is encrypted end-to-end, NimbleCal cannot recover encrypted event content if you lose the keys needed to decrypt it.
If you just created your account and haven't signed in to NimbleCal yet, you can reset your password normally. NimbleCal will initialize your encryption key from the new password.
If you still have a trusted device where NimbleCal is already unlocked, or where Quick unlock is already set up, open the reset link on that same device. NimbleCal will only let you set a new password after it can unlock your encryption key there, so you do not accidentally lose access to your encrypted calendar.
Quick unlock only helps on the device where you already set it up. It does not recover your encrypted data on a brand-new device.
If you have lost both your password and every device that can still unlock NimbleCal, the existing encrypted data may be unrecoverable. The safe fallback is to start fresh. In that case:
- Your encrypted calendar content cannot be recovered by NimbleCal.
- You may need to start over with a new encrypted setup after you regain account access.
- Contact support and we'll help you figure out the safest next step for your account.
See also: