Technology is disclosed herein for client side data encryption with a recovery mechanism. According to at least one embodiment, a computing device encrypts at least one data set into an encrypted data set using a private encryption key. The computing device encrypts the private encryption key using a password provided by a user of the device. The password is also encrypted using the user's answers to password recovery questions. The encrypted data set, the encrypted key and the encrypted password are transmitted to and stored by a server. The computing device can retrieve and decrypt the encrypted data set form the server. The encryption key can be recovered by decrypting the encrypted key using the password. The password can be recovered by decrypting the encrypted password using answers to the password recovery questions provided by the user.