Best Site for Encrypted Notes
Summary
The best site for encrypted notes is Standard Notes — open source, audited end-to-end encryption, now owned by Proton, with a generous free tier. Joplin is the strongest open-source alternative that works with your own storage backend (Dropbox, OneDrive, WebDAV, S3, or its own Joplin Cloud); with its opt-in end-to-end encryption enabled, your data stays unreadable to whoever hosts the file. Obsidian is local-first markdown — your notes are plain files in a folder you control, with optional paid Sync that adds E2EE. Cryptee is the small Estonia-based privacy-first option. Notesnook is the newer open-source entrant. Notion, Evernote, OneNote, and Google Keep do NOT offer end-to-end encryption, so they are excluded from this ranking.
Top 5 at a glance
| # | Site | Best for | Price |
|---|---|---|---|
| 1 | Standard Notes | Audited open-source end-to-end encrypted notes | Free tier covers basic notes; Productivity ~$90/year; included in Proton Unlimited |
| 2 | Joplin | Open-source notes with end-to-end encryption and bring-your-own-backend | Free; optional Joplin Cloud (~€2.40/mo); free with any cloud you already pay for |
| 3 | Obsidian | Local-first markdown notes with optional E2EE sync | Free for personal use; Obsidian Sync $5/mo with E2EE; Obsidian Publish separate |
| 4 | Cryptee | Estonia-based E2EE notes and photos with browser-first delivery | Small free tier; paid from a few dollars/month |
| 5 | Notesnook | Newer open-source E2EE notes with web, desktop, mobile | Free tier; Pro ~$5/month for full features |
Detailed rankings
Standard Notes
Audited open-source end-to-end encrypted notes
The default for E2EE notes. Free tier handles plain notes; pay or bundle with Proton Unlimited for the markdown editor and more.
Pros
- End-to-end encryption with audited cryptography (multiple public audits)
- Open-source clients across web, desktop, mobile
- Acquired by Proton in April 2024 — sustainable backing
- Notes are simple text by default; Markdown, code, and rich-text editors are paid extensions
- Cross-device sync over E2EE
- Optional self-host of the server
Cons
- Free tier is genuinely usable but markdown editor and other extensions are paid
- Less feature-rich than Notion or Obsidian for power note-taking
- Proton acquisition is a positive but reduces ecosystem diversity
- Smaller community than Joplin or Obsidian
Price: Free tier covers basic notes; Productivity ~$90/year; included in Proton Unlimited
Sources: standardnotes.com, github.com
Joplin
Open-source notes with end-to-end encryption and bring-your-own-backend
The right pick when you want to control where the encrypted blobs are stored. Pair with Filen, MEGA, or your own server for maximum sovereignty.
Pros
- Open source under AGPL
- End-to-end encryption activated by user — your sync backend stores ciphertext only
- Backend choice: Dropbox, OneDrive, WebDAV, S3, Joplin Cloud, or local file system
- Markdown-first with rich features (tags, todos, attachments, web clipper)
- Cross-platform desktop and mobile
- Plugin ecosystem
Cons
- E2EE is opt-in — must be enabled explicitly
- Web clipper experience trails Evernote's mature one
- Initial backend setup is a step that Notion users do not face
- Mobile app less polished than desktop
Price: Free; optional Joplin Cloud (~€2.40/mo); free with any cloud you already pay for
Sources: joplinapp.org
Obsidian
Local-first markdown notes with optional E2EE sync
The right pick when you want local-first markdown and the optional E2EE sync. For pure privacy purists, Joplin is more open.
Pros
- Notes are markdown files in a folder you control — maximum portability
- Massive plugin ecosystem for graph view, dataview, daily notes, etc.
- Obsidian Sync uses end-to-end encryption for the paid sync product
- Works fully offline — no cloud requirement
- Strong knowledge-management features (backlinks, graph)
Cons
- Closed-source clients — encryption claims for Sync rely on Obsidian's representation
- Free sync alternatives (Syncthing, iCloud, Dropbox) skip the E2EE Sync benefit
- Mobile experience trails desktop
- Many features are plugin-only — community plugins vary in quality
Price: Free for personal use; Obsidian Sync $5/mo with E2EE; Obsidian Publish separate
Sources: obsidian.md
Cryptee
Estonia-based E2EE notes and photos with browser-first delivery
The right pick when you specifically want a small EU operator and like the photos integration. Choose Standard Notes for institutional backing.
Pros
- End-to-end encryption with documented architecture
- Estonia-based operator — strong privacy jurisdiction
- Notes and photos in one product (Docs and Photos)
- Web-first means no install required
- Plans to open-source the code have been flagged; verify the current status
Cons
- Small operator — much smaller user base than Standard Notes or Joplin
- Long-term sustainability uncertain compared to Proton-backed Standard Notes
- Feature set narrower
- Mobile apps less polished
Price: Small free tier; paid from a few dollars/month
Sources: crypt.ee
Notesnook
Newer open-source E2EE notes with web, desktop, mobile
The right pick when you want a fresh alternative with no Big-Tech adjacency. Smaller-project sustainability risk applies.
Pros
- Open-source clients
- End-to-end encrypted with publicly-documented cryptography
- Cross-platform: web, desktop, iOS, Android
- Active development
- Self-host option for the sync server
Cons
- Smaller user base than the incumbents
- Free tier is restrictive on note count and features
- Some features (PDF export, app-lock) are paid
- Newer project — less audit history than Standard Notes
Price: Free tier; Pro ~$5/month for full features
Sources: notesnook.com
How we chose
- End-to-end encryption — provider cannot read your notes, no exceptions.
- Open-source clients — encryption claims independently verifiable.
- Self-host or bring-your-own-backend preferred for control.
- Cross-platform — desktop, mobile, web at minimum.
- Honest exclusions — Notion, Evernote, OneNote, Google Keep do not qualify.
- Distinct from [[taking-notes-online]] which covers productivity-focused alternatives.
Frequently asked questions
Why exclude Notion and Evernote?
Neither offers end-to-end encryption. Notion stores your content in a form Notion's servers can read — required by their search, AI, and collaboration features. Evernote similarly stores notes server-side without E2EE. Both are convenient productivity tools; neither belongs in an encrypted-notes ranking. Same for OneNote, Google Keep, and Apple Notes (in its default mode without Advanced Data Protection).
What about Apple Notes with Advanced Data Protection?
Apple's Advanced Data Protection (rolled out 2022-2023) is an opt-in setting that adds end-to-end encryption to many iCloud categories, including Notes. When enabled, Apple cannot read your notes — even under subpoena it can only provide encrypted blobs. The catch: it is opt-in, requires you to set up account recovery, and uses Apple's closed-source clients. Acceptable for Apple ecosystem users who turn it on; not auditable like open-source alternatives.
Can I switch between these without losing notes?
Most support markdown export and import. Joplin reads Standard Notes export; Obsidian reads any markdown directly; Standard Notes exports as JSON or plain text. Plan for portability when choosing — vendor lock-in is real even within E2EE products.
Is end-to-end encryption enough for sensitive notes?
It protects against a breach of the provider. It does not protect against compromise of your own device — if your phone or laptop is compromised, the notes are decrypted while you are using them. Layer it with full-disk encryption on your devices and a strong passcode, and consider Secure OS ([[secure-os]]) for very high-stakes use. E2EE is one defense among several, not the whole picture.
Should I self-host?
Worthwhile for Joplin (the sync server is light) and Standard Notes (Docker image exists). Obsidian Sync is closed-source, so self-hosting means giving up the E2EE Sync product entirely and using something like Syncthing instead — this works but is configuration-heavy. For most users, the hosted E2EE product is fine; sovereignty matters most when your threat model includes the provider itself.