PrivacyNotes beta

Help & FAQ

Answers and step-by-step guides: security, sync, pricing, and switching from other apps.

// Getting started

Can I try PrivacyNotes without creating an account?

Yes. The demo at try.privacynotes.app is the full app with sample content: no signup, no email, and nothing you type is saved. It runs entirely in your browser and never sends anything to our servers.

Closing the tab clears everything, which is the point. When you are ready to keep your notes, create a real vault at privacynotes.app. Demo content does not carry over, so copy out anything you want to keep first.

Do I need an email address to sign up?

No. A new vault is a freshly generated 12-word recovery phrase, nothing else. No email, no username, no phone number, no verification step. If you sign in with the phrase, we could not email you even if we wanted to, because we never learn who you are.

Prefer a familiar flow? Sign in with Google, Apple, or GitHub works too. That route necessarily tells us the email tied to your provider account, but your notes stay end-to-end encrypted either way, and you still get a phrase under the hood.

How do I move my notes in from another app?

Open Settings > Import & Export and pick your source. There are dedicated importers for Apple Notes, Obsidian, Standard Notes, Google Keep, Simplenote, Samsung Notes, and Bitwarden (logins, cards, and secure notes land in the Vault), plus a generic Markdown importer for any folder of .md files.

Imports run entirely on your device: your exported files are parsed, encrypted, and stored locally, nothing is uploaded for processing. Each imported note is tagged with its source so you can review the batch afterwards, and Google Keep checklists even convert to native task lists.

Is the editor Markdown-friendly?

Yes. Type Markdown and it formats live: # headings, **bold**, lists, - [ ] task checkboxes, quotes, and callouts. Notes export as clean Markdown too, so what you write stays portable.

You can also connect notes to each other: type [[ and an autocomplete offers your existing notes. A note-link opens its target with one click, and the outline panel plus find-in-note keep long documents navigable.

// Security & privacy

What can PrivacyNotes see about my notes?

Nothing readable. Notes, titles, tags, and attachments are encrypted on your device before they sync. The server stores ciphertext it cannot decrypt, and there is no key on our side to change that.

What we can see is the minimum needed to run the service: how much encrypted storage you use, how many devices you have linked, and sync timestamps. If you sign in with a phrase rather than Google or Apple, we do not even know your email address.

Why a recovery phrase instead of a username and password?

It can feel backwards at first, but a single recovery phrase is the stronger construction. With a username and password, the username is not a secret (it shows up in every breach dump), so all the security rests on the password, and human-chosen passwords average maybe 30 to 40 bits of entropy. Your 12-word phrase is a guaranteed 128 bits, generated by your device, never chosen by a human, and never reused from another site.

There is also nothing for us to lose. A password login means the server stores at least a password hash, which can be leaked, cracked, or phished. Your phrase never leaves your device: it derives your encryption keys locally, and the server only ever sees encrypted data. There is no hash to steal and no password reset flow for an attacker to abuse.

If typing 12 words feels clunky: you can save the phrase to your password manager with one tap (Settings > Security > Your Phrase), and signing in feels like any other login. Prefer a familiar flow? Sign in with Google or Apple works too, and you still get a phrase under the hood.

Can I choose my own balance between convenience and privacy?

Yes, deliberately. Not everyone is defending against the same threats, so the account model is a ladder rather than a single dogma. Every rung keeps your notes end-to-end encrypted; what changes is who holds the key and what we know about you.

The convenient end: sign in with Google, Apple, or GitHub and pick "Keep it simple" when asked. We store your recovery phrase for you, encrypted at rest on our server, so any device signs in with just your provider account and there is nothing to back up or lose. The honest tradeoff: we know the email behind your provider account, and a fully compromised server could in principle expose the stored key. If your realistic threat is losing your own credentials rather than a targeted breach, that is a sensible trade.

The middle: sign in with a provider but pick "Maximum privacy". Your phrase never touches our servers and the encryption is fully zero-knowledge; new devices need the phrase or a QR scan from a device that is already signed in. We still necessarily know your provider email, but we could not read a single note even under compulsion.

The private end: skip providers entirely and use only the 12-word phrase. No email, no name, no identity, and paired with an anonymous Pro purchase, even paying leaves no name anywhere. In exchange, key custody is entirely yours: lose the phrase with no signed-in device left, and nobody can help.

The ratchet turns one way only: you can upgrade from custodial to self-custody at any time (we delete our stored copy of your phrase), but there is no quiet path back down. And every rung can add the local layers on top: PIN app lock, biometric unlock, and per-note protection.

Is a 12-word recovery phrase secure enough? Why not 24 words like Bitcoin wallets?

Yes, 12 words is enough. A 12-word BIP-39 phrase encodes 128 bits of entropy. Brute-forcing 128 bits is not a "needs a bigger computer" problem, it is a "more energy than humanity produces" problem. There is no realistic attack that breaks 128 bits but fails at 256.

The Bitcoin comparison actually shows why 24 words is mostly marketing: Bitcoin keys live on the secp256k1 curve, which itself only provides about 128 bits of security. A 24-word phrase feeds 256 bits of entropy into a lock that still only takes about 128 bits of work to break. That is also why many major wallets still default to 12 words.

PrivacyNotes targets the same 128-bit security level end to end: your phrase is run through a key derivation function, and the encryption it protects (XChaCha20-Poly1305) is keyed to match. Adding 24 words would double what you write down and type without adding any practical security, so we have no plans to offer it.

The honest weak points of any recovery phrase are phishing and where you store the paper, not its length. Guard the phrase itself and 12 words will outlive all of us.

If someone guesses my 12 words, can they log into my account?

Short answer: yes. Your phrase is the key, so anyone who holds it can sign in, the same way anyone holding your house key can open your door. That is by design: it is the single master key to your notes, and nothing weaker sits in front of it. So the real question is not whether holding the phrase grants access (it does), but whether someone could guess it, and there the answer is no, not with any computer that exists or that we can foresee.

Here is the scale. A 12-word phrase is one of 2^128 possibilities: about 340 undecillion, a 39-digit number (3.4 x 10^38). The odds of guessing yours on the first try are 1 in 340 undecillion, longer odds than winning a 1-in-300-million lottery jackpot four times in a row. Treating it as a search rather than a lucky guess does not help: even at a billion billion attempts every second (10^18, far beyond what any real hardware could reach, nation-states included), working through them all would take around 10 trillion years, close to 800 times the current age of the universe. And that is the fantasy version, because every real attempt has to run a deliberately slow key-derivation step and any online attack must go through our servers, which makes actual guessing slower by many more orders of magnitude. This is not a novel scheme either: the same 128-bit construction has secured Bitcoin wallets for over a decade, and no one has ever guessed one.

It is tempting to picture the phrase like a password, where you add strength by mixing in capitals, numbers, and symbols. A recovery phrase does not work that way, and you should never try to build or edit one by hand. Your device generates 128 bits of cryptographically secure randomness and encodes them as 12 words from a fixed public list of 2048 words: that randomness is the entire strength. The last word even carries a built-in checksum, so a mistyped or made-up phrase is rejected on sight. Word order matters, capitalization does not (we normalize it when you sign in), and adding symbols would only make the phrase invalid. Type the words exactly as issued.

Why is there no two-factor authentication (2FA)?

Because it is a deliberate tradeoff, not an oversight. The familiar kind of 2FA, a texted code or an authenticator app, exists to shore up weak, human-chosen passwords, and it leans on a shared secret and a recovery path held on a server. That is the exact attack surface the phrase model removes: your device proves it holds the key by signing a challenge, so our servers only ever receive a public key and a signature, never the phrase and never a password hash. Bolting a code on top would reintroduce the server-side machinery this design exists to avoid, while adding nothing against guessing, because 128 bits already closes that door.

The one kind of second factor that would genuinely add something is a phishing-resistant one, such as a hardware security key or a passkey, because the real residual risks are not guessing but phishing, malware, and a phrase that gets stolen or shoulder-surfed. On a device left unlocked, the app lock (PIN) and biometric unlock are the local backstop.

Beyond that, the phrase is the key, so back it up the day you create your account: keep it in a reputable password manager, or print it or write it down and store that copy somewhere safe. Never paste it into anything but the app itself.

Do you use the same word list as Bitcoin wallets (BIP-39)?

Yes, the standard BIP-39 English wordlist: 2048 words, the exact same list Bitcoin wallets use. We generate phrases with @scure/bip39, an audited open-source library. No custom wordlist and no homegrown crypto.

The list is designed for writing down by hand: the first four letters of every word are unique, so a smudged or abbreviated word is still unambiguous, and similar-looking words were deliberately excluded.

Because it is the standard list, you can verify your phrase against any public BIP-39 reference, and our encryption layer is published as open core so you can check the implementation yourself.

Does searching my notes send anything to your servers?

No. Search runs against a full-text index built and stored on your device. Queries never leave it, results appear even with no connection at all, and nothing about what you search for is ever transmitted.

This is not a policy choice we could quietly reverse, it is forced by the architecture: the server only holds ciphertext, so there is nothing readable on our side to index or search. A server that cannot read your notes cannot search them either.

Does PrivacyNotes use AI on my notes?

No. There are no AI features in the app, no AI processing running in the background, and no model training on your content. Your notes are encrypted before they leave your device, so there is nothing readable on our servers to feed into anything.

If we ever ship a feature in this direction, it would have to run entirely on your device and be strictly opt-in. Sending plaintext notes to a cloud model would break the zero-knowledge promise, so it is off the table.

What are burn notes?

A burn note is a self-destructing way to share a note with someone who does not use PrivacyNotes. The app encrypts the content with a one-time key and gives you a link. The key travels in the link fragment, which browsers never send to servers, so our server stores ciphertext it cannot read.

The first time the link is opened, the server hands over the ciphertext and deletes it in the same step: one read, then it is gone. Unopened links expire on their own after 24 hours. Either way, nothing lingers.

Is PrivacyNotes open source?

The parts that protect you already are. The encryption code, database schema, and threat model are published as open core, so anyone can audit exactly how your notes are secured rather than taking our word for it.

The apps are next. Once the native apps for every platform have shipped, we will open-source the client code (web, desktop, and mobile). The one part that stays closed is the sync backend, and it never holds anything but encrypted data we cannot read. Keeping it private costs you nothing on privacy, and it stops anyone from cloning the whole service and passing our work off as their own. Open where it protects you, closed where it protects us.

// Account & recovery

I lost my recovery phrase. Can you recover my account?

If you are still signed in on any device: yes, you can recover it yourself. Open Settings > Security > Your Phrase and save it to your password manager right now.

If you have no signed-in device and no phrase: no, and nobody can. Your phrase never reaches our servers, so there is nothing to reset and no support ticket that can help. This is not a policy we could bend - it is what end-to-end encryption means. Any service that can restore your encrypted data after a total loss is holding your keys.

The fix costs ten seconds: store the phrase in a password manager the day you create your account.

I sign in with Google or Apple. What if I lose access to that account?

You still have a 12-word phrase under the hood, and the phrase alone signs you in on any device - no Google or Apple required. Open Settings > Security > Your Phrase and save it to your password manager.

Do that once and losing the provider account costs you nothing: just sign in with the phrase instead.

I forgot my PIN. Is my data gone?

No. The PIN is a convenience lock against shoulder-surfing on your own device, not an encryption key. Your notes are encrypted with keys derived from your recovery phrase, and the phrase always grants full access without any PIN.

This is a deliberate design choice: tying encryption to a 4-digit PIN would mean a forgotten PIN destroys data. It never does here.

How do I delete my account?

In the app: Settings > ID & Sync, then "Delete account & data". This permanently removes your synced notes, files, devices, settings, and the account itself from the server. There is no retention window and no backup we could restore afterwards, so export anything you want to keep first (Settings > Import & Export).

Two details: an active storage subscription must be cancelled before deletion (one already scheduled to cancel does not block it), and because a phrase account never included an email or a name, there is no profile or marketing list left to scrub. Wiping the local data on one device is a separate action and does not touch your account.

// Sync & devices

What exactly syncs across my devices, and what stays local?

Everything you would expect, all encrypted on your device before it syncs: notes, tasks, journal entries, your vault, and the encrypted files in it. Your settings follow you too - favorite tags, sort and view preferences, color theme, your PIN (as a salted hash, never the PIN itself), app lock, tracker and medication setup, and trash auto-delete. Set something up once and every device picks it up.

A few things stay deliberately device-local: light or dark mode (each device follows its own system preference), biometric unlock (tied to the hardware of each device), and your unlock state (closing the app always re-locks). The server only ever stores encrypted blobs and can read none of it.

Does PrivacyNotes work offline?

Yes. The app is local-first: your notes live in a database on your device, so reading, writing, and search all work with no connection. Changes sync automatically when you are back online.

What happens if I edit the same note on two devices at once?

Nothing is overwritten silently. If both devices changed the same note while apart (say, one was offline), the app detects the collision when they sync again and shows a conflict dialog: keep the version on this device, keep the other one, or keep both as separate notes.

In everyday use you will rarely see it. Edits sync within seconds while you are online, and the dialog only appears when two versions of the same note genuinely diverged.

How do I remove a device I no longer use?

Settings > Account lists every registered device. Remove the one you are retiring: the slot frees up immediately (useful on the free 2-device plan), and the removed device is signed out the next time it tries to sync. It stays visible under "Recently removed" for 72 hours so you can confirm it is gone.

One honest caveat: removal is not a security boundary on its own, because anyone holding your recovery phrase can sign in again. If a device was lost or stolen, the phrase is the thing to protect, and the app lock (PIN or biometrics) is what keeps a found device from being an open door.

// Your data

Where is my data stored?

On your device first - that copy is the one you actually work with. The sync copy lives on servers in Zurich, Switzerland.

Because everything is encrypted before it leaves your device, the server location is a bonus rather than a load-bearing promise: the synced data would be unreadable no matter where it sat.

Can I export my notes, or am I locked in?

You can export everything at any time, generated entirely on your device: Markdown files in a zip with attachments included, a full JSON backup, or self-contained HTML - per note or for the whole account.

Import works too: bring notes in from Obsidian, Apple Notes, Google Keep, Standard Notes, Simplenote, and Samsung Notes. Lock-in is not part of the business model.

What files can I attach, and how big can they be?

Any file type: images, PDFs, audio, archives, whatever you drop in. Every file is encrypted on your device before upload, exactly like note text, and the Files view collects all attachments in one place.

The per-file limit is 5 MB on the free plan and 50 MB on Pro. Files count against your total sync storage (50 MB free, 500 MB on Pro, expandable to 5.5 GB with storage add-ons), and the storage bar in Settings > Storage always shows where you stand.

What is the Vault?

The Vault is a dedicated section for structured secrets: logins with usernames and passwords, credit and debit cards, and SSH keys. Entries get proper fields instead of free text, logins display a site icon, and everything is end-to-end encrypted like the rest of your data.

It gives the handful of credentials that otherwise end up scattered across notes a tidy, protected home. Pair it with the app lock and PIN protection for a second gate on your most sensitive entries. A Bitwarden import lands here automatically.

How long can a single note be, and what do the size warnings mean?

Type as much as you like - for normal notes, size never comes up. As a single note grows very large, a small hint appears beneath it and escalates in three steps: around 50,000 words it notes the note is getting long and may lag on slower devices; around 75,000 words it turns amber, meaning editing may start to stutter; and around 100,000 words it suggests splitting the note because you are nearing the sync limit. These are guides, not hard stops, and nothing prevents you from continuing.

That sync limit is the only real ceiling. A single note can hold up to about 1 MB of text once encrypted - very roughly 120,000 words of typical English, and fewer with a non-Latin script or heavy formatting. A note past that keeps working and stays safe on the device you wrote it on, but that one note will not sync to your other devices (you will see a "failed to sync" notice). The rest of your notes are unaffected: one oversized note never blocks anything else.

The fix is easy: split a very long note into a few smaller ones. The content is identical, it syncs without trouble, and the editor stays fast. A live word count under each note lets you watch the size as you go. And if you were about to stress-test where the wall is, now you do not have to.

What happens to my notes if PrivacyNotes shuts down?

You lose nothing. The complete dataset is already on your device because the app is local-first, and export to Markdown, JSON, or HTML works entirely offline.

The encryption layer is also published as open core, so the format stays independently readable even in a world where our servers vanish overnight.

// Pricing & Pro

What is free and what is Pro?

Free is the full product, not a teaser: end-to-end encrypted notes, tasks, journal, and vault, offline use, import and export - on up to 2 devices with 50 MB of sync storage.

Pro is a one-time purchase that adds unlimited devices, 500 MB of sync storage (expandable), note version history, larger file attachments, note locking and PIN protection, advanced wellness tracking, zen mode, and all color themes.

How can a one-time payment fund a sync service forever?

Because the service is deliberately cheap to run. The app is local-first and notes are small encrypted blobs, so the server does little more than store them and relay them between your devices. No analytics pipeline, no AI features burning compute, no support department.

The one cost that does grow over time is storage, and that is priced accordingly: storage beyond the included 500 MB is a small yearly add-on. One-time costs are priced once, recurring costs recur. The model only has to pay for itself, and it does.

I bought Pro on one platform. Do I have it everywhere?

Yes. Pro is attached to your account, not to a device, platform, or store. Buy it once, sign in with the same phrase (or the same Google, Apple, or GitHub login) anywhere, and Pro is active there too.

That includes platforms that do not exist yet: when a new app ships, your existing Pro comes along at no extra cost.

How do storage add-ons work?

Pro includes 500 MB of encrypted sync storage. If you need more, add-on packages stack on top: 1 GB for $4.80 per year, 2 GB for $8.40, or 5 GB for $18, up to 5.5 GB in total. Add-ons are the only recurring purchase in the product, because storage is the only thing that costs us money every month you use it.

Everything is managed under Settings > Storage: switch to a bigger package (you pay only the prorated difference) or cancel anytime and keep the space until the period you paid for ends. Pro itself is yours forever either way.

What is the refund policy?

30 days, no questions asked. If Pro is not for you, request a full refund within 30 days of purchase and it goes back to the original payment method. Customers in the EU additionally keep their statutory 14-day right of withdrawal.

Payments are processed by Paddle, our merchant of record, so refunds are handled by Paddle directly: reply to your purchase receipt email or visit paddle.net. The full policy lives in the terms of service.

What do you learn about me when I pay?

Less than you might expect. Checkout runs through Paddle, the merchant of record: your name, card number, and billing address go to Paddle for payment and tax purposes and never touch our servers.

What reaches us is a confirmation that the public key of your account is now Pro, plus the order amount. The billing relationship, including the receipt email you enter at checkout, stays with Paddle. So a phrase-only account remains pseudonymous to us even as a paying customer: we know that you paid, not who you are.

Can I buy Pro without revealing who I am?

Yes, with two standard tools. For the receipt, use an email alias: Apple Hide My Email, DuckDuckGo Email Protection, SimpleLogin, Firefox Relay, or addy.io all forward to your real inbox without exposing it. For the payment, use a masked card: privacy.com in the US generates virtual cards that work with any name you type, and many banks and services elsewhere (Revolut, for example) offer disposable virtual cards that do the same job.

At checkout, Paddle asks for an email, a payment method, and a country (plus a postal code in some regions) to calculate tax. The alias receives the receipt, the masked card carries whatever name you gave it, and the tax location narrows you to a region, nothing more. Keep the alias alive though: the receipt email is your proof of purchase and your channel for a refund.

Combined with a phrase account, no single party ends up holding the full picture: your bank sees a card top-up, Paddle sees an alias and a masked card, and we see only that a public key became Pro.

// Apps & platforms

Which platforms does PrivacyNotes run on?

Web, macOS, Windows, Linux, and Android today, with iOS coming soon. Every app is built from the same core with the same end-to-end encryption and syncs through the same account. The downloads section always has the latest builds.

The web app is a first-class citizen, not a fallback: it keeps a full local copy of your data and works offline, so any modern browser is always a way in.

Will the Android app update itself?

If you got it from the Google Play Store, yes, it updates on its own like your other apps. If you downloaded it straight from our website, your phone will not update it automatically, that is just how Android works for apps that do not come from the Play Store.

So instead, the app checks for new versions and shows a "New version available" message when one is ready. Tap it, and the update installs right over the old version, with all your notes and settings still there. The check only looks for a newer version, it never touches your notes, which stay encrypted the whole time.

Which languages does the app speak?

English, German, French, Italian, Spanish, and Brazilian Portuguese. The app follows your system language by default, or you can pin one explicitly under Settings > Language on each device.

Translations are free for everyone, not a Pro perk. More languages are planned; if yours is missing, tell us on GitHub or Reddit.