Security

Last updated: June 24, 2026

Your notes are yours. This page explains, in plain language, exactly how we protect them — and, just as importantly, what we do not yet do. We would rather tell you the honest truth about our current architecture than hide behind buzzwords. Security claims only mean something when they're specific and verifiable.

1. How we protect your notes

  • Encryption at rest: All note content is encrypted with AES-256-GCM before it is stored. If someone obtained a copy of our database, the note content would be unreadable ciphertext.
  • Encryption in transit: Everything between your device and our servers travels over TLS 1.3 (HTTPS everywhere). No note is ever sent in the clear over the network.
  • Per-account isolation: We use Row-Level Security (RLS) at the database level, so one account can never read another account's data — even if application code had a bug.
  • Hardened infrastructure: We run on SOC 2-compliant hosting with restricted, monitored internal access following least-privilege principles.

2. What this protects against

This is the part most apps won't tell you. Honesty is the point, so here it is.

What we protect against today

  • ✓ A stolen or leaked database — note content is encrypted ciphertext.
  • ✓ Network eavesdropping — TLS 1.3 in transit.
  • ✓ One user accessing another user's data — enforced at the database level.
  • ✓ Your data being sold or mined — we never do this (see section 3).

Two levels of encryption

  • Standard notes are encrypted at rest with our key, so the server can decrypt them to power search, sharing, and export. This protects against a database breach — but not against us.
  • Private Vault notes are encrypted on your device with a key only you hold. We can never read them — true zero-knowledge (see section 5).

We use the word "zero-knowledge" only for the Private Vault, because that is the only place our architecture actually earns it — your vault key never reaches our servers. For everything else we say exactly what we do: encrypted at rest, and readable by us to power the features you asked for.

3. What we never do

  • We never sell, rent, or share your personal data with advertisers or data brokers.
  • We never use your note content to train machine learning models.
  • We never show ads or build advertising profiles from your activity.
  • We never use tracking or advertising cookies — our website analytics are cookieless.

4. Your data, your control

  • Export anytime: You can export all of your data from your account settings. No lock-in.
  • Delete permanently: When you delete your account, your notes and personal data are permanently removed within 30 days, and any encrypted backups are purged within 90 days.
  • GDPR rights: Access, rectification, erasure, and portability are supported. See our Privacy Policy for details.

5. The Private Vault — zero-knowledge encryption

For your most sensitive notes, the Private Vault encrypts the note content on your device before it ever reaches us. The key is derived from a vault passphrase only you know — it never touches our servers. We store only unreadable ciphertext, so we cannot read your vault notes even if we wanted to, and neither could anyone who stole our entire database.

  • A separate passphrase unlocks the vault for your session. We never see it and can never reset it.
  • A recovery key is your only backup if you forget the passphrase. Lose both and your vault notes are unrecoverable — that is the cost of true zero-knowledge. How to keep your recovery key safe →
  • Honest limits: vault note titles and tags stay visible to us — only the content is encrypted — and vault notes can't be shared with a public link or the Web Clipper. Keep sensitive details in the body, not the title.

The Private Vault is opt-in, one note at a time — the rest of your notes keep working exactly as before.

6. Reporting a vulnerability

If you believe you've found a security issue, we want to hear from you. Please email support@notegod.io with the details, and we will respond as quickly as we can. We appreciate responsible disclosure and will not pursue action against good-faith research.