Pillar 3 · Evaluation

Truly private note-taking on the web

Not all "private" note apps are equal. Some encrypt but the server sees metadata. Some sync but the key is in the cloud. Some claim privacy but monetize anyway. Here's how to evaluate real privacy and which approaches actually work.

Comparison & Analysis · April 25, 2026 · 14 min read

You've heard the marketing: "End-to-end encrypted. Your privacy is our priority. Bank-level security."

But privacy claims are easy. Implementation is hard.

This article cuts through the marketing. Here's how to evaluate real privacy in note-taking apps and which architectural approaches actually deliver it.

Privacy is not a feature. Privacy is an architecture. You can't bolt it on. You have to build it in from the beginning.

The evaluation framework: Four dimensions of privacy

When evaluating a note-taking app, ask four questions:

Privacy evaluation criteria

Encryption: Is plaintext ever visible to the server?
Client-side encryption before transmission = good. Server-side encryption with company-held keys = bad. No encryption = terrible.

Key ownership: Who holds the encryption keys?
User holds keys = good. Company derives keys from passwords = acceptable. Company holds keys = bad. Company can always decrypt if they hold keys.

Metadata: What does the server see?
Server sees encrypted blob only = best. Server sees timestamps, file sizes, sync patterns = still exposed. Server knows content categories = privacy leak.

Business model: How do they make money?
Subscription (user pays) = aligned incentive. Ad-supported = incentive to use data. Free with "optional" monetization = suspicious. Selling data = terrible.

The three architectural approaches to private notes

Local-only
Examples: Apple Notes (local), Simplenote (optional sync), plain text files.
Privacy: Perfect. Sync: None. Trade-off: Works on one device, or you manage backups by hand.

Sync-optional encrypted
Examples: Logseq, Obsidian, CHRONOS.
Privacy: Excellent. Sync: User-controlled. Trade-off: Requires setup and device management.

Cloud with encryption
Examples: OneNote (alleged), Notion (claimed), Evernote (some).
Privacy: Claimed (often weak). Sync: Automatic. Trade-off: You have to trust the company's encryption claims.

Comparing popular apps: The truth about privacy claims

App            | Encryption              | Key owner                     | Metadata visible               | Real privacy?
Apple Notes    | iCloud encryption       | Apple holds keys              | Partial (timestamps visible)   | Weak
Google Keep    | Transport only (HTTPS)  | None (plaintext in Google DB) | All visible                    | No
Notion         | None client-side        | None (plaintext in Notion DB) | All visible                    | No
OneNote        | Transport + at-rest     | Microsoft holds keys          | Partial (visible to Microsoft) | Weak
Standard Notes | Client-side AES-256     | User password-derived         | Server sees blob only          | Strong
Logseq         | Client-side (optional)  | User-controlled               | Blob only (if encrypted)       | Strong
Obsidian       | Local storage           | User-controlled               | No server                      | Perfect
CHRONOS        | Client-side AES-256-GCM | User password-derived         | Server sees blob only          | Strong

If the company claims to encrypt but holds the keys, they're not claiming privacy. They're claiming they *could* be trustworthy. That's marketing, not architecture.

How to spot weak privacy claims

Watch for these red flags:

Red flag: "We encrypt your data"

They don't say how or where the keys are. If they don't explicitly say "client-side" or "you hold the keys," they probably encrypt but hold the keys. This is not privacy.

Red flag: "Military-grade encryption"

All encryption is "military-grade" now (AES-256). This is marketing noise. Real privacy is about architecture and key management, not algorithm strength.

Red flag: "We can't see your data"

If they hold the encryption keys, they can. They're saying they *won't* decrypt without a legal order. That's different from *can't*. If they hold keys, courts can compel decryption.

Red flag: Mentions of "end-to-end encryption" without key clarity

E2EE between you and their servers isn't the same as zero-knowledge. You could have E2EE with the company still holding keys.

Red flag: Free product with no clear revenue model

If you're not paying for the product, you're the product. Free note apps monetize through data. If privacy is real, how are they sustaining themselves?

The best architectures for real privacy

There are two proven approaches:

1. Offline-first with optional sync

Notes live on your device first. Sync is optional, encrypted, and user-controlled. Examples: Obsidian, Logseq, CHRONOS. You own your data entirely.

2. Zero-knowledge with strong keys

Notes are encrypted on the client with a password-derived key before ever reaching a server. Server stores only ciphertext. Examples: Standard Notes, CHRONOS. You own your keys.

Both require one thing: you trust the code, not the company. This means open-source is better. You can audit the encryption. You can verify the keys are client-side.

Questions to ask before choosing a note app

The shift: From trusting companies to architecting privacy

Privacy is shifting from "trust us" to "we can't see your data because it's encrypted."

The best note apps don't require trust. They require cryptography. You don't have to believe the company is ethical. The architecture prevents them from seeing your data even if they wanted to.

This is why offline-first and zero-knowledge are winning. They don't ask for trust. They eliminate the need for it.

CHRONOS

Your notes.
Architecture proves it.

Client-side encryption, zero-knowledge design. We literally cannot read your vault.
