Is My Data Really Private?
Short answer
Privacy is not a yes-or-no label. It is a stack of questions about access, storage, metadata, recovery, and trust.
A simple checklist
- Is note content encrypted before upload?
- Can the provider read the note body?
- Can admins or support inspect content?
- What metadata remains visible?
- What happens during recovery?
- What leaks through exports, logs, or integrations?
Why marketing can be confusing
Words like "private," "secure," and "encrypted" can all be true while still leaving a provider-side path to readable data.
What to look for instead
Look for explanations about:
- where keys are managed
- where decryption happens
- what the server stores
- what the operator can and cannot access
A practical takeaway
Your data is more meaningfully private when the product reduces both policy risk and technical access risk.
The privacy stack
It helps to think of privacy as a stack of layers:
- content privacy: can the provider read the note body?
- metadata privacy: what can be inferred from timing, size, or device data?
- recovery privacy: what happens when you forget a password or lose a device?
- operational privacy: who can inspect logs, support tickets, or admin tools?
Six useful questions
- Is the data encrypted before upload?
- Can support staff inspect content in a normal workflow?
- Can the backend search plaintext notes?
- Are attachments and exports protected too?
- Does the app need accounts or telemetry to function?
- What happens if the provider is breached tomorrow?
A practical takeaway
"Private" is most believable when the answer to each layer stays narrow and the provider needs the least possible readable access.