Why Most Note Apps Aren't Actually Private (And How to Tell)
Open the App Store, search for "private notes," and count the badges. Lock icons. The words "secure" and "private" in every screenshot. Then read the privacy policies and you'll find the truth: most of these apps can read every word you write, and many of them do — for analytics, recommendation systems, or model training.
This isn't a conspiracy. It's the default. Building a notes app where the company can't read your data is harder than building one where it can. Real privacy requires giving up things companies don't want to give up: the ability to recover your data, generate AI suggestions on the server, or analyze user behavior down to individual entries.
Here are the five questions that cut through the marketing.
1. What does "encryption" mean here?
There are three places notes can be encrypted: in transit (network), at rest (server disk), and end-to-end (your device). The first two leave the company holding the keys. Only end-to-end encryption (E2EE) means the company cannot decrypt your notes, even if they wanted to.
Look for the literal phrase "end-to-end encrypted" or "zero-knowledge." Vague phrases — "encrypted with industry-standard methods," "bank-level security" — almost always mean only the first two.
2. Can the company reset your password and give you your notes back?
Test this in your head: if you forgot your password, would the app's support team be able to restore your data?
If yes, the company has your encryption key. They have to, to decrypt your data and give it back to you. That's the opposite of E2EE.
A real E2EE app says, somewhere in the docs: "If you lose your recovery phrase, we cannot recover your data." This sounds bad. It is, in fact, the only honest way to do private storage.
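The reset test above, as an added Node.js example (not Jottii's code or any real app's implementation): two constructed in-memory "servers", one holding the key and one storing only a salt and ciphertext. All function names and the scrypt/AES-256-GCM parameter choices are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Passphrase -> 256-bit key. scrypt with Node's default cost (illustrative choice).
const deriveKey = (passphrase, salt) => crypto.scryptSync(passphrase, salt, 32);

// AES-256-GCM encrypt: returns what a server would store for one note.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt; final() throws if the key is wrong or the data was modified.
function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Design A: "encrypted at rest". The server generates and keeps the key.
function atRestServer() {
  const serverKey = crypto.randomBytes(32);
  let record;
  return {
    upload(note) { record = seal(serverKey, note); },     // plaintext reaches the server
    supportRestore() { return unseal(serverKey, record); }, // needs no user secret
  };
}

// Design B: end-to-end. The server stores salt + ciphertext and never sees a key.
function e2eeServer() {
  let record;
  return {
    upload(blob) { record = blob; },
    download() { return record; },
    supportRestore() {
      // The server has no key to use; any key it makes up fails GCM authentication.
      try { return unseal(crypto.randomBytes(32), record); } catch { return null; }
    },
  };
}

// Client side of design B: the key exists only where the passphrase is typed.
function clientEncrypt(passphrase, note) {
  const salt = crypto.randomBytes(16);
  return { salt, ...seal(deriveKey(passphrase, salt), note) };
}
const clientDecrypt = (passphrase, blob) => unseal(deriveKey(passphrase, blob.salt), blob);
```

In design A, `supportRestore()` returns the note with no input from the user, which is exactly what a working "reset my password and keep my notes" flow implies; in design B it can only return `null`.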
3. Are AI features running on the server?
If a note app has "ask AI about your notes" or "auto-summarize" features, ask: where does the AI run? If it's a cloud LLM, your notes are leaving your device unencrypted at some point — to the AI provider, possibly logged, possibly used for training.
A genuinely private app either runs AI fully on-device (rare and limited) or doesn't offer those features. Some apps offer both modes; check defaults.
4. What does the app log on every sync?
Even if content is encrypted, metadata leaks. The server might know:
- Your IP address every time you sync.
- The exact second you wrote each entry.
- How many entries you wrote yesterday.
- Which folders or tags exist.
A privacy-respecting app minimizes this. Some metadata is unavoidable (you can't sync without timestamps), but a serious team explains what they keep, why, and for how long. If the privacy policy is silent on this, assume the worst.
5. Is the security model documented in plain language?
The single best signal: a public security page that names the cipher, describes key derivation, explains the threat model, and admits what it doesn't protect against. Apps that take privacy seriously want you to read this. Apps that don't, hide it behind enterprise sales.
For Jottii, see What End-to-End Encryption Actually Means for Your Journal.
A quick checklist
Before trusting a note app with anything sensitive:
- Privacy/security page mentions "end-to-end encryption" or "zero-knowledge."
- A specific cipher or cryptographic library is named (NaCl, AES-256-GCM, XChaCha20-Poly1305).
- Recovery requires a phrase only you have, not a support ticket.
- Metadata logged is documented and minimal.
- AI features either run on-device or are clearly opt-in.
- Threat model is published — including what is not protected.
A "yes" on all six is rare. Three or fewer "yes" answers and the word "private" in the marketing is doing a lot of work.
Privacy is a system, not a feature
It's tempting to treat privacy as a checkbox: "yes, encrypted, done." But your notes leak through the weakest link in the system: analytics, AI, support tooling, backups. A truly private notes app has to design every one of those for non-access. That's why so few exist.
If you want one that does, Jottii is built this way from the foundation up — and we explain the model openly because we think you should never take "private" on faith.