Question 1

Can Standard Notes read my notes?

Accepted Answer

No — and this is an architectural guarantee. Notes are encrypted on your device before being sent to the server. Standard Notes' servers store only ciphertext and cannot decrypt your notes regardless of circumstances. The open source codebase allows anyone to verify this independently.

Question 2

What data does Standard Notes actually hold about me?

Accepted Answer

Your email address, encrypted notes (unreadable to Standard Notes), note creation and modification timestamps (stored unencrypted), and optionally your user agent string. IP addresses are not stored in Standard Notes' own databases, though Cloudflare and the AWS firewall may retain them transiently for abuse prevention.

Question 3

Is Standard Notes subject to government data requests?

Accepted Answer

Yes — it is a US company and is subject to US legal process including National Security Letters. However, it cannot provide decrypted note contents regardless of any legal order, because it holds no decryption keys. Account-level data (email address, timestamps) could potentially be compelled.

Question 4

Does Standard Notes track me in the app?

Accepted Answer

No. The apps collect no location data and no usage tracking data. The website uses self-hosted Plausible analytics with anonymised IPs and no IP retention — one of the more privacy-respecting website analytics setups available.

Question 5

Can I use Standard Notes anonymously?

Accepted Answer

Partially. You can use a pseudonymous email address and pay with cryptocurrency (via Coinbase). However, account metadata (note timestamps) is stored unencrypted, and the company is US-based, so full anonymity is not possible. For the strongest anonymity, pair pseudonymous email with crypto payment and access via a VPN or Tor.

Question 6

How do I exercise my privacy rights with Standard Notes?

Accepted Answer

Contact the support team at help@standardnotes.com or, for sensitive requests, via ProtonMail at standardnotes@protonmail.com. The policy does not enumerate specific GDPR rights or provide a dedicated DPO contact — this is a gap in their documentation, but the team has historically been responsive to account and data requests.

Privacy policies decoded, for free.

Standard Notes

Category Breakdown

Known data breaches

Frequently asked questions

Compare with

Embed this grade