
Encrypted Note Apps Compared: Who Can Read Your Notes?

July 5, 2026 8 min read Haven Team

People put things in note apps they would never put in an email: password resets, medical questions to ask a doctor, draft messages they may never send, journal entries. Then the notes sync through a server that, for most mainstream apps, can read every word. The gap between "encrypted" and "encrypted so the provider cannot read it" is the entire subject of this comparison.


Nearly every note app will tell you your notes are encrypted. Almost all of them mean encryption in transit (TLS between your device and the server) and encryption at rest (disk encryption on the server). Both protect against outsiders. Neither protects against the provider itself, its staff, a compromise of its infrastructure, or a legal demand for your content. The distinction is the same one we cover for file storage in E2EE cloud storage compared: only end-to-end encryption, with keys derived on your device from a secret the provider never sees, removes the provider from the set of people who can read your data.

The apps that encrypt end-to-end

Standard Notes is the longest-standing dedicated E2EE notes service. Notes are encrypted on-device with XChaCha20-Poly1305 before sync, the clients are open source, and the cryptography has been through multiple third-party audits. Since 2024 it has been part of Proton. The trade-off is that E2EE constrains features: search happens client-side, and there is no server-side collaboration on note content.

Notesnook takes the same zero-knowledge approach (XChaCha20-Poly1305, keys derived from your password) and went fully open source in 2022. It aims at feature parity with mainstream note apps, which makes it a reasonable landing spot for people leaving Evernote-class tools.

Joplin is open source and syncs through a backend you choose: its own cloud service, Nextcloud, S3, or a folder. End-to-end encryption is available but off by default, and turning it on is your responsibility. Whether your notes are provider-readable depends entirely on that switch and on which backend you picked.

Obsidian stores notes as plain Markdown files on your device. It is local-first rather than E2EE-as-a-service: with no sync, there is no server to trust, which is the cleanest privacy model available (the general case for this architecture is in our post on local-first software). Its optional Sync service is end-to-end encrypted when you set an encryption password. The app itself is proprietary, so you are trusting the vendor's client code rather than community review.

The platform defaults

Apple Notes is the interesting middle case. With a standard iCloud account, Apple holds keys to your synced notes and can produce them under legal process. Two features change that: individually locked notes are encrypted with a key derived from a passphrase or your device passcode, and enabling Advanced Data Protection extends end-to-end encryption to the whole Notes category. Most users have turned on neither, so the practical default is provider-readable.

Google Keep, Notion, Evernote, and OneNote are server-readable by design. Their business and feature models (server-side search, collaboration, AI summarization) depend on the provider processing plaintext. OneNote can password-protect individual sections with AES, a useful pocket of protection inside an otherwise provider-readable product. None of this makes these apps wrong for grocery lists and meeting notes. It makes them the wrong container for anything you would not show the provider.

| App | E2EE | Open Source | Notes |
|---|---|---|---|
| Standard Notes | default | yes | Multiple audits; part of Proton since 2024 |
| Notesnook | default | yes | Zero-knowledge sync; open-sourced 2022 |
| Joplin | optional, off by default | yes | Self-hostable sync backends |
| Obsidian | local files; Sync E2EE optional | no | Local-first Markdown; proprietary client |
| Apple Notes | only locked notes or with ADP | no | Default iCloud sync is Apple-readable |
| Keep / Notion / Evernote | no | no | Provider processes plaintext by design |

What E2EE notes do and do not protect

A zero-knowledge note app protects your content against a server breach, an insider at the provider, and a legal demand for note contents (the provider can hand over only ciphertext). That covers the realistic bulk of the threat. It is worth being precise about what remains:

The one-question audit

Before trusting any note app with something sensitive, find the answer to a single question: if I forget my password, can the company restore my notes? If yes, the company can read them. Every marketing page can be decoded with that one test.

Picking by threat model

If your notes are low-stakes, the platform default you already use is fine, and pretending otherwise would be theater. If your notes include anything you would be uncomfortable showing the provider (credentials, health details, legal matters, journalism sources), use a zero-knowledge app by default: Standard Notes and Notesnook are the strongest combination of E2EE-by-default, open source, and audit history. If your requirement is that no third party is involved at all, local-first files with no sync, encrypted at the disk level, remain the strictest option, at the cost of doing your own encrypted backups.

The pattern across all of these is the one that governs every category we compare: features that require the provider to read your data are features you pay for with readability. Decide which of your notes can afford that price, and put the rest where no one can read them but you.
