Yes, 12 words is enough. A 12-word BIP-39 phrase encodes 128 bits of entropy. Brute-forcing 128 bits is not a "needs a bigger computer" problem, it is a "more energy than humanity produces" problem. There is no realistic attack that breaks 128 bits but fails at 256.
The Bitcoin comparison actually shows why 24 words is mostly marketing: Bitcoin keys live on the secp256k1 curve, which itself only provides about 128 bits of security. A 24-word phrase feeds 256 bits of entropy into a lock that still only takes about 128 bits of work to break. That is also why many major wallets still default to 12 words.
PrivacyNotes targets the same 128-bit security level end to end: your phrase is run through a key derivation function, and the encryption it protects (XChaCha20-Poly1305) is keyed to match. Adding 24 words would double what you write down and type without adding any practical security, so we have no plans to offer it.
The honest weak points of any recovery phrase are phishing and where you store the paper, not its length. Guard the phrase itself and 12 words will outlive all of us.