Skip to content
Pia Docs

Recovery Code

When you turn on End-to-End Encryption, Pia gives you a one-time recovery code — a 24-character code in the format XXXX-XXXX-XXXX-XXXX-XXXX-XXXX. It’s the only way to get back to your encrypted data if you ever lose access to all your devices.

Where to Keep It

Section titled “Where to Keep It”

Good places:

  • A password manager (1Password, Bitwarden, KeePass, etc.)
  • An encrypted note on a separate device
  • A printout in a locked drawer

Bad places:

  • Email or chat — these aren’t end-to-end encrypted, which defeats the purpose
  • A plain text file on the same computer — if you lose the device, you lose the code with it
  • A screenshot in your phone’s camera roll, especially if it syncs to an unencrypted cloud

When You’ll See It

Section titled “When You’ll See It”

Pia shows the recovery code immediately after you enable End-to-End Encryption from Settings → Cloud Sync. The dialog includes:

  • A heading: Save Your Recovery Code
  • The 24-character code
  • A Copy to Clipboard button
  • A confirmation checkbox: I have saved this recovery code in a safe place
  • A Done button (enabled only after you check the box)

The code is shown only once. There’s no “show recovery code again” option later in settings.

Using the Code on a New Device

Section titled “Using the Code on a New Device”

When you sign in on a fresh device with E2EE already enabled, Pia gives you two ways in:

  1. Approve from another device — wait for an approval prompt on a device you’ve already authorized. Best when you have a working device handy. See Cloud Sync.
  2. Use recovery code — for when no approved device is available.

To use the recovery code:

  1. Click Use recovery code on the onboarding screen.
  2. Enter the code in the input field, including the dashes.
  3. Click Activate.

Pia validates the code, derives your encryption key, and unlocks this device. Your encrypted conversations and todos start syncing immediately.

If You Lose the Code

Section titled “If You Lose the Code”

The code is generated only the first time you turn on End-to-End Encryption. Once the dialog is closed, Pia cannot show it again.

If you still have at least one approved device, approve a new device from it now — don’t wait. The recovery code is only needed when you have no approved device.

If both the recovery code and every approved device are lost, the encrypted data cannot be recovered.

Next Steps

Section titled “Next Steps”

For the full picture of cross-device sync, see Cloud Sync.