Samsung vs Standard Notes

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.

Standard Notes is an end-to-end encrypted note-taking app that genuinely cannot read your notes; analytics are self-hosted via Plausible with no IP retention, apps collect zero usage data or location, and the subprocessor list is short and transparent — the main weaknesses are US jurisdiction and AWS hosting, the absence of published security audit reports, a thin policy that lacks GDPR rights language, and email marketing enabled by default.