[keyle]

Nice. I got one bit of feedback for this part

> We are committed to protect your information. Your data is stored on our secure servers and we use SSL encryption to protect data transmissions. Your notes are for your eyes only.

I found it less than convincing. Saying "your notes are safe" because we use SSL and stored on our "secure servers"... I know that something hosted in the Netherlands is probably slightly safer than anywhere else but you might want to spruce up a bit that section. Notes are extremely personal. They could contain crypto keys, receipts, recipes, someone's Intellectual property, etc.

[todd_t]

I want to see the words "encrypted at rest", or something similar.

[java-man]

Standard Notes [0] are allegedly encrypted at rest.

[0] https://standardnotes.org/

[0xCMP]

In Standard Notes' case they are AES encrypted before leaving the device using a note specific key encrypted using your master password (or at least that's how the underlying system Standard File used to work). Encrypted at rest could just mean the volume is encrypted but they can still read your notes (since they have the key).

[java-man]

They say it's XChaCha20-Poly1305 [0], and "no one but you" can read your private notes [1] (I don't know what that means).

They also list some security audits, though not without problems.

[0] https://standardnotes.org/help/3/how-does-standard-notes-sec...

[1] https://standardnotes.org/help/1/who-can-read-my-private-not...

[lojack]

Unless they're self hosting, this might even be a super easy thing to add. With AWS and many other cloud providers this is either the default or a simple checkbox.

[stevehawk]

On the off chance that someone physically steals the server?

[edoceo]

Or steals bits at rest remotely for later analysis

[gabriel0r]

Thanks for the feedack! I do agree, notes are extremely personal. We will be updating the security section in the course of this week. We are also experimenting with end-to-end encryption, that most note-taking tools lack.

[scambier]

E2E encryption while having a useful search engine seems pretty hard to do from what I'm understanding.

I switched from Notion to my own electron-based markdown editor just for the peace of mind of not having my notes stored in clear on someone else's server.

[keyle]

It's okish to implement, here is an example...

https://blog.excalidraw.com/end-to-end-encryption/

The harder part is probably from a UX sense, how do you make sure people understand that the key is important, and how do you or not store it on their computer.