Standard Notes

What Is Standard Notes?

Every major note-taking app treats your notes as data it can read. Evernote's privacy policy permits processing your content for product improvement. Notion stores notes in plaintext on US servers. Apple Notes uses encryption in transit but Apple retains the keys. If your notes contain sensitive information, such as client details, medical records, financial data, or passwords, the default assumption in most tools is that the provider has technical access to that content.

Standard Notes was built to reject that assumption from the ground up. Founded in 2016 by Mo Bitar, it uses a zero-knowledge architecture where all encryption and decryption happens on your device before any data reaches Standard Notes servers. The provider cannot read your notes. The encryption implementation is published as open-source code under the AGPL-3.0 licence and has been independently audited. In April 2024, Standard Notes was acquired by Proton AG, the Geneva-based privacy company behind Proton Mail and Proton VPN, giving the project the engineering resources and institutional backing of one of Europe's most credible privacy organisations.

The result is a note-taking application that sits in a specific position: less feature-rich than Notion or Evernote, less extensible than Obsidian, but meaningfully more private than any of them, with a genuine open-source foundation that allows self-hosting for users who want complete infrastructure control.

Key Features

Zero-Knowledge End-to-End Encryption

Standard Notes encrypts every note on your device using a key derived from your password before anything is transmitted. The server stores only ciphertext. Standard Notes employees, Proton AG engineers, or anyone with database access cannot read your notes regardless of legal requests, data breaches, or insider threats. This is the foundational design decision that shapes every trade-off the product makes.

The encryption uses XSalsa20-Poly1305 (or XChaCha20-Poly1305 in newer versions), which is well-regarded symmetric encryption. The key derivation is Argon2id, a memory-hard algorithm that resists brute-force attacks even against hardware-accelerated attackers. The implementation is not novel cryptography; it is established primitives applied correctly, which is the right approach.

Cross-Platform Sync with Offline First

Standard Notes maintains apps for every major platform: web browser, macOS, Windows, Linux, iOS, and Android. Sync operates through the encrypted server store, so a note written offline on a phone is uploaded (encrypted) when connectivity returns and available on your laptop. The offline-first architecture means the app is fully functional without an internet connection.

All editors, sync, and encryption work identically across platforms. There is no platform-specific feature gap. Linux users, who are often an afterthought in productivity software, have a fully featured native app.

Advanced Editors (Paid)

The free tier provides a plain text editor with full encryption. Paid tiers unlock a range of additional editors: a Markdown editor with live preview, a rich text editor for formatted notes, a code editor with syntax highlighting across dozens of languages, a spreadsheet editor for structured data, and a tasks editor for to-do lists. These editors are not third-party plugins but first-party features tested and maintained by the Standard Notes team.

This is a deliberate trade-off. Keeping editors in-house means fewer editors than Obsidian's plugin ecosystem, but it also means each editor is maintained and secured as part of the application rather than relying on community-built plugins with variable security practices.

Self-Hosting

The complete Standard Notes server stack is published on GitHub under the AGPL-3.0 licence. Users with technical skills can run their own Standard Notes server on any infrastructure, Docker-based deployment included, and point the official apps at their self-hosted instance. Notes are end-to-end encrypted even in self-hosted deployments. For users who want complete control over every byte of their data, self-hosting is a fully supported configuration with documented setup instructions.

File Attachments

Productivity and Professional plans include encrypted file storage for attachments. Files are encrypted client-side before upload, following the same zero-knowledge model as notes. Productivity includes 1GB of storage; Professional includes 100GB. Files can be attached to individual notes and are accessible across all platforms.

Pricing

Standard Notes uses annual subscription pricing with a functional free tier:

• Free — $0/year: Unlimited plain text notes, E2EE, cross-platform sync, 2FA, and tags. No note count limit, no expiry, no payment required.
• Productivity — $90/year ($7.49/month equivalent): Adds all advanced editors (Markdown, rich text, code, spreadsheet, tasks), file attachments (1GB encrypted storage), custom themes, and note version history.
• Professional — $120/year ($9.99/month equivalent): Adds 100GB encrypted file storage, maximum note history, and family sharing for up to 5 members.

These prices have remained stable since before the Proton acquisition and are not bundled into the Proton Unlimited subscription as of 2026. Standard Notes maintains separate pricing from Proton's product suite.

EU Compliance and Privacy

Standard Notes is operated by Proton AG, headquartered in Geneva, Switzerland. Switzerland holds an EU adequacy decision for data protection, meaning Swiss data protection law is recognised as equivalent to GDPR for data transfer purposes. Proton AG stores data in EU data centres and processes personal data under the Swiss Federal Act on Data Protection (FADP) and GDPR.

The zero-knowledge architecture provides a stronger privacy guarantee than any regulatory framework alone: even if Standard Notes or Proton AG received a valid legal demand for user note contents, they cannot comply because the contents are encrypted with keys they do not hold.

The AGPL-3.0 licence on both client and server code means the encryption implementation is publicly readable, independently verifiable, and cannot be changed without the change being visible to the community. This is meaningful transparency in a space full of "we use encryption" claims that cannot be independently verified.

Who It's Best For

If you handle sensitive personal or professional information (client notes, medical details, financial records, legal documents, passwords) and want a note-taking tool where the provider provably cannot access your content, Standard Notes is the strongest option available. Evernote and Notion do not offer this guarantee. Apple Notes holds the keys. Obsidian stores local files without managed sync.

If you are a developer, security researcher, or privacy-focused professional who wants Linux support, self-hosting capability, and open-source auditability alongside managed sync, Standard Notes covers all three. Obsidian's plugin ecosystem is richer, but Obsidian does not offer a self-hosted encrypted sync server.

If you need real-time collaboration, document linking like Roam Research or Obsidian's bidirectional links, or the block-based flexible layout of Notion, Standard Notes is not the right tool. It is a personal notes application, not a team knowledge base. Roam Research and Obsidian offer more sophisticated note graph and linking features for knowledge management workflows.

If budget is the primary consideration, the free tier is genuinely complete for basic encrypted notes and has no artificial time limit or note count ceiling.

The Verdict

Standard Notes occupies a clear and honest position in the notes market: privacy and longevity above features, with open-source code that makes its claims independently verifiable. Proton AG's acquisition in 2024 has brought engineering resources to the project, and the 2025 focus on bug fixes and performance improvements has produced a more stable app than earlier releases. The pricing is fair. The free tier is real. The encryption architecture is sound.

Its limitations are real as well. The editor selection is narrower than Obsidian's plugin ecosystem. Real-time collaboration does not exist. The integration ecosystem extends mainly to the Proton suite and not much further. These are not failures of execution; they are the costs of the privacy-first design decisions that define the product. For users whose primary concern is that their notes remain private and durable, those trade-offs are not just acceptable but desirable.

Frequently Asked Questions

Is Standard Notes truly end-to-end encrypted?

Yes. Standard Notes uses a zero-knowledge architecture: all encryption and decryption happens on your device before any data is sent to Standard Notes servers. The server stores only ciphertext. Even Standard Notes and Proton AG employees with database access cannot read your notes. The encryption implementation uses established cryptographic primitives (XSalsa20-Poly1305 / XChaCha20-Poly1305 for symmetric encryption, Argon2id for key derivation) and the complete client and server codebase is published under AGPL-3.0 on GitHub for independent verification.

Who owns Standard Notes now?

Standard Notes was acquired by Proton AG in April 2024. Proton AG is headquartered in Geneva, Switzerland, and operates as a privacy-focused company best known for Proton Mail and Proton VPN. Standard Notes continues to operate as a separate product with its own pricing, brand, roadmap, and engineering team. It is not merged into the Proton subscription bundle as of 2026, and prices have remained unchanged following the acquisition.

Can I self-host Standard Notes?

Yes. The complete Standard Notes server and client codebase is published on GitHub under the AGPL-3.0 licence. A Docker-based deployment guide allows you to run your own Standard Notes server on any infrastructure. The official apps (macOS, Windows, Linux, iOS, Android, and web) can be pointed at a self-hosted server. Notes remain end-to-end encrypted in self-hosted deployments: the server stores only ciphertext and never has access to your encryption keys. Moderate server administration skills and a persistent server environment are required.

How does Standard Notes compare to Obsidian or Evernote?

Standard Notes prioritises encryption and longevity. Obsidian stores notes as local Markdown files with no built-in encryption or managed sync (Obsidian Sync is available as a paid add-on), but offers an extensive plugin ecosystem and bidirectional linking for knowledge graph workflows. Standard Notes has stronger privacy guarantees and self-hosted encrypted sync but fewer extensibility options. Evernote is a feature-rich cloud notes platform with no end-to-end encryption, making it unsuitable for genuinely sensitive content. Standard Notes offers the most defensible privacy posture of the three at a lower price than Obsidian Sync plus Obsidian's paid features.

Is Standard Notes GDPR compliant?

Yes. Standard Notes is operated by Proton AG, headquartered in Geneva, Switzerland. Switzerland holds an EU adequacy decision for data protection, meaning it provides equivalent protection to GDPR for cross-border data transfers from EU member states. Data is stored in EU data centres and processed under the Swiss Federal Act on Data Protection and GDPR. The zero-knowledge architecture provides a stronger de facto privacy guarantee than regulatory compliance alone: Standard Notes cannot disclose note contents in response to legal requests because the contents are encrypted with keys only you hold.