Can Anyone Else Read My Notes? The Honest Answer

· · Daniel A

Can Anyone Else Read My Notes? The Honest Answer

Most notes apps say your data is private. Very few can honestly say it is unreadable.

It is the question that quietly sits in the back of every privacy-aware person's mind when they open a notes app. If someone really wanted to, could they read this?

The answer depends entirely on one technical detail most apps avoid talking about: who holds the key.

Private is not the same as encrypted

Companies love the word "private." It sounds reassuring. It also means almost nothing.

"Private" usually means the company promises not to look at your data, and promises not to sell it. That is a policy. Policies can change. Employees can break them. Governments can override them. Attackers can ignore them entirely.

"Encrypted" means something stronger. It means the data is mathematically scrambled, and only someone with the key can unscramble it. If the company does not have the key, the company physically cannot read your notes, no matter who asks.

Who can read notes in a typical "private" app

  • Engineers with production database access
  • Support staff using admin tools
  • Anyone who breaches the company's servers
  • Governments serving valid legal requests
  • Future acquirers who change the privacy policy
  • Machine learning systems trained on user content

Where popular apps actually sit

Apple Notes, Google Keep, Notion, Evernote, and OneNote all store your notes in a form their servers can read. Some offer optional "locked" notes with extra encryption on top, but the default is plaintext on their infrastructure. Their staff and systems can technically open any note.

This is not a scandal. It is a tradeoff. It enables features like server-side search, AI summaries, web previews, and easy password recovery. The cost is that your data lives on their servers in a readable form.

A smaller group of apps, including Standard Notes, Notesnook, Proton's note features, and SimplyBoard, use what is called client-side or zero-knowledge encryption. The encryption happens on your device, before anything is sent. The server only ever sees ciphertext.

What zero knowledge actually means

Zero knowledge is a precise claim, not marketing language. It means the operator of the service has no technical ability to read your data, even if they want to.

In practice it usually looks like this:

  • Your password (or passphrase) is stretched into an encryption key on your device, using a function like PBKDF2 or Argon2.
  • Your notes are encrypted with AES-256-GCM, also on your device.
  • Only the encrypted blob and a non-reversible verifier ever leave your device.
  • The server stores ciphertext. The password never appears in any log, database, or backup.

If a court served the company tomorrow, they could only hand over scrambled bytes. If a contractor went rogue, the same. If the database leaked on a hacker forum, the contents would be useless without your password.

What the server sees with zero knowledge

  • Your email address
  • Encrypted blobs of unknown content
  • Timestamps for when blobs were created or updated
  • Approximate size of each blob
  • Nothing readable, ever

Three questions to ask any notes app

If you want a straight answer about whether a notes app can read your data, these three questions cut through the marketing:

  1. If I forget my password, can you reset it without losing my data? If the answer is yes, they hold a key that can decrypt your notes. That key can be subpoenaed, leaked, or misused.
  2. Where does encryption happen, on my device or on your servers? Server-side encryption protects against outside attackers, but not against the company itself.
  3. What can your support team see when they open my account? An honest zero-knowledge app will answer "your email and encrypted blobs."

The SimplyBoard answer

We cannot read your notes. Not your titles, not your tags, not your content. Everything is encrypted on your device with AES-256-GCM before it touches our servers. The key comes from your password, and we never see it.

If you forget your password, we cannot help you recover your notes. That is the tradeoff. It is the same tradeoff that makes the answer to "can anyone else read my notes" a simple, honest no.

· The SimplyBoard Team