Data stored on your device is encrypted using iOS’ own encryption. So your databases are always encrypted and can only be read by DEVONthink To Go after you unlocked your device after a restart.

An additional app-wide passcode that can be different from your device’s passcode secures access to your data. Alternatively you can use Face ID or Touch ID. For usability reasons, individual databases do not have their own password protection, but their password is required to import them from a sync locations.

If these two levels of security do not suffice, e.g., for classified government documents, a specialized data vault, as provided by most government agencies, might be a more appropriate solution.

If you set an encryption key for a sync store all data is AES 256 bit encrypted before leaving the device and is stored in encrypted form on the server. It can only be retrieved using the correct key. The same is true for direct connections where all data is encrypted using the key set in the Bonjour options.

In addition, the username and password you set for newly created databases is used as soon as you sync the database to another device. The database cannot be retrieved from a sync store or via direct connection without entering the right credentials.

Unfortunately no. The encryption key is never shared with us. If we could recover your encryption key anyone else could do this too. We’re using strong encryption to ensure that your privacy (at the time of this writing) can’t be cracked without substantial computing power, if at all. Are you sure that you don’t have noted it down on some piece of paper somewhere?