The Evernote Blog

Evernote Privacy and Security

Our Notes | By Dave Engberg

Security and privacy are extremely important topics for Evernote users, and for good reason. Evernote would like to provide a single service to manage your memories for many years. To achieve this, we must provide a very high level of system and data security while offering users a variety of choices to manage their own privacy requirements. Here is a high-level overview of some of the ways in which your data is protected by Evernote.

When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers. Your data is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

We also offer enhanced privacy options that would not be available from services like email:

If you have sensitive text that you would like to remember (passwords, PINs, credit card numbers), you can encrypt that text in our Windows and Mac clients using a passphrase that is never transmitted to Evernote. This encrypted text can only be decrypted and read on one of your computers after you’ve re-entered the encryption passphrase. The sensitive text is not readable on our servers or on your computer by anyone who does not know the passphrase.

If you have some notes that you only want to access from a single computer, you can place these into a “Local Notebook” on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren’t accessible from the web, or from your other computers. This may allow a greater level of privacy for some notes, at the expense of the accessibility and reliability you would get from a private note on the service.

Evernote recognizes that user choice is an important component of privacy and security. We believe that no single option is going to meet the needs of all users, so we aim to offer a set of tools that let people balance their needs for accessibility, privacy and control.

Update: How to encrypt and decrypt text in Evernote

  • florian

    What about the text encryption? I can't do it? Where do I find it?

  • http://www.photogearuser.com Will

    Hi folks,

    I’d also be keen to learn more about the strength of any encryption used. Any chance you could provide more details and perhaps answers to the questions above?

    Also, any plans for a LINUX version of Evernote?

  • Carl Schulz

    Note clearly says that encryption is available on the Windows client. I cannot find it anywhere. Please let me know how I can encrypt select notes.

  • Paul Hoffman

    I am a bit concerned about synching from my local client to the Evernote server. I understand that the login is encrypted with HTTPS, but is the data transfer itself? If not, why not?

  • Phil Libin

    Paul,

    Full HTTPS encryption is one of the benefits of an Evernote Premium account. Premium users have all of their data (logins and data transfer) automatically encrypted with HTTPS. Free users get HTTPS for logins but normal HTTP for other data. It’s expensive for us to encrypt all data transfer (especially all the images), so we can only afford to do it for premium users.

  • Phil Libin

    Carl,

    In the Windows or Mac client, select the portion of a note that you want to encrypt, right click, then choose “encrypt…” from the right-click menu.

    You can encrypt any portion of a note (up to and including the entire body). You cannot currently encrypt the title or tags.

  • jimpa

    Encrypted notes? I am sold. Switching to Evernote now and upgrading to Premium.

    The iPhone app and encryption sealed the deal.

    Thanks Evernote!

  • John

    I hope you reconsider universal SSL/HTTPS for syncing. The initial key-pair generation is very CPU intensive, I agree, but the actual data encryption is pretty lightweight. I’m not a Net Engineer by any stretch of the imagination, but it’s my understanding that you can set the initial key pair to last for a very long time.

    Privacy and security shouldn’t be premium features, in my view.

    Or perhaps you could offer a third, lowest tier for very light users: for $10/year or something, very low monthly bandwidth (free-level, or 2X free, or…), but automatically secure.

    Thanks for the great product, though. While I still go back and forth with OneNote, and while I miss some Evernote 2.2 features big time, Evernote 3 is wonderful, automatic security somewhat aside.

  • John

    Another option for offering free users security is to have Evernote 3 compress and then encrypt sync changes using lightweight encryption–64-bit Blowfish or Twofish, e.g. Not the highest security, but WAY better than nothing, completely preventing casual sniffing and snooping at a coffee shop or in a hotel. Assuming your servers are 64-bit, this should be easy indeed for them to do speedily.

  • deparko

    Any consideration with having an option for encrypting the actual data stored at your service? Make it a premium option.

    I’d like to capture bills, etc., but they have account numbers, etc., so security is very important.

    Thanks
