Evernote Logo

The Evernote Blog

The Evernote Blog

Evernote Privacy and Security

Our Notes | By Dave Engberg
36 comments
featgreen

Security and privacy are extremely important topics for Evernote users, and for good reason. Evernote would like to provide a single service to manage your memories for many years. To achieve this, we must provide a very high level of system and data security while offering users a variety of choices to manage their own privacy requirements. Here is a high-level overview of some of the ways in which your data is protected by Evernote.

When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers. Your data is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

We also offer enhanced privacy options that would not be available from services like email:

If you have sensitive text that you would like to remember (passwords, PINs, credit card numbers), you can encrypt that text in our Windows and Mac clients using a passphrase that is never transmitted to Evernote. This encrypted text can only be decrypted and read on one of your computers after you’ve re-entered the encryption passphrase. The sensitive text is not readable on our servers or on your computer by anyone who does not know the passphrase.

If you have some notes that you only want to access from a single computer, you can place these into a “Local Notebook” on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren’t accessible from the web, or from your other computers. This may allow a greater level of privacy for some notes, at the expense of the accessibility and reliability you would get from a private note on the service.

Evernote recognizes that user choice is an important component of privacy and security. We believe that no single option is going to meet the needs of all users, so we aim to offer a set of tools that let people balance their needs for accessibility, privacy and control.

Update: How to encrypt and decrypt text in Evernote

You may also like

  1. Security Notice: Service-wide Password Reset
    Security Notice: Service-wide...
  2. featbeige
    Evernote’s Three Laws of Data...
  3. ThinkWasabi interview with Evernote CEO, Phil Libin
    ThinkWasabi interview with Evernote...
Older Comments
Newer Comments
  • Zeid

    yes please encrypt the local database. I always assumed it was, and was shocked to see that it was not. Or at least enable the option to require the login password before opening it…

  • http://www.jeffpickell.com Jeff

    The only thing holding me back from using Evernote on my Mac, my PC and my iPhone and purchasing the premium version is the inability for me to encrypt the remote files with my PGP key. (or GnuPG key as it were).

    If you added this one ability (along with SSL by default) I would not only purchase this product but sing its praises far and wide!

    Here’s to hoping for an encrypted future!

  • Mike

    I second Jeff! GnuPG (or similar, that works cross-platform, including iPhone) is a must-have feature for me too.

  • Sam

    Any update on a BB version?

  • Privacy

    Doesn’t seem like you care about privacy other than for the premium users, as an incentive to upgrade.

    You can EASILY make it so the CLIENT encrypts the note-data LOCALLY, THEN sends it to the server which STORES it encrypted without so much as decrypting it, and whenever the CLIENT requests data, it receives the same ENCRYPTED data (over regular HTTP, remember, so no overhead), and THEN the CLIENT decrypts it.

    I only see one reason you didn’t do this: Money.

  • Dave Engberg

    P -

    Unfortunately, if we only stored an opaque encrypted backup of your database file on our server, we couldn’t provide most of the features that our users love.

    We couldn’t give you any web or mobile interfaces to access your notes. We couldn’t let you add notes via email/phone/Twitter. We couldn’t index your images for text searching. We couldn’t clip web pages via our bookmarklet Web Clipper. We couldn’t offer cool integrations from partners like Eye-Fi, Pelotonics, etc.

    Basically, half of the great things you see on this blog would disappear.

    I think that what you’re really looking for is just a hard drive backup service for a local application on your computer. You could do this with Evernote if you choose: put all of your notes in “Local” notebooks on your computer and then subscribe to something like Iron Mountain’s secure backup service to store an encrypted copy of your database file.

    Thanks for the feedback.

  • Brad Ruffkess

    Any update on Blackberry support now that Blackberry has App World?

  • Joe Abley

    Dave: I would happily lose all the features you mentioned if the data I want to store was only ever exposed in plain text on the devices I operate.

    What I have been looking for is a single application that provides a rich and pleasant interface on multiple devices for storing and indexing a wide variety of media types.

    Evernote seems like just the right thing, except that it’s unusable for anything other than trivia that I’m not happy to be made public.

    Channel security in the form of HTTP/TLS is an irrelevant distraction.

    It’s a shame — I’d use Evernote all the time, for everything, if it was secure. As it stands the only things I can use it for are things that I don’t particularly care about remembering.

  • ShouldIBScared

    I just purchased the Premium service so I could file everything in my personal life online. I can get it to it from work on the web, from home on the mac client and on my iPhone. I put everything on there. Usernames, passwords, passports, social security cards, checkbook images, etc. I don’t do any local encryption because I think I couldn’t get to that information than on the web or iPhone. I paid for the premium service as it uses SSL. However, how safe is Evernote Premium from my account getting hacked into? Should I be Scared?

  • Michael Fischer

    I agree with Joe.

    I use Evernote for note-editing on my Mac desktops and my iPhone. That’s all.

    I’d be a much heavier user of it and would be more inclined to store work and personal data if the data were encrypted both in transit and server storage.

    I don’t use Web clips, video notes, social network integration, or other features that would expose my data to others.

    For me, anyone other than me is an unauthorized user of my data. That includes Evernote itself.

    Moreover, everyone should be aware that the Stored Communications Act (18 U.S.C. s. 2701) the Government can easily obtain your data from Evernote, and without notifying you. Unless that data is encrypted and Evernote lacks the key, it’s a sitting duck.

Older Comments
Newer Comments
Back to Top