Has Standard Notes completed a third-party security audit?
We've completed three (3) security audits to date by industry-leading security firms, which cover the entirety of our ecosystem. You can review the results below.
Client-side Protocol and Encryption Security Assessment
This audit covers the entirety of our shared client-side framework for encrypting and syncing data, and covers our usage of industry-leading algorithms like Argon2 and XChaCha20-Poly1305.
Conducted by Trail of Bits, New York.View Report
Full Ecosystem Penetration Test
This extensive audit covered the entirety of our ecosystem, both client-side and server-side, with the aim of penetrating the code and executables to achieve unintended effects and discover latent vulnerabilities. We're happy to report that 100% of the issues found were promptly resolved.
Conducted by Cure53, Berlin.View Report
Cryptography Design Review
This early audit helped ensure our initial client-side encryption and server-side communication systems were built correctly and strongly.
Conducted by Shackle Labs, United States.View Report
More from Privacy & Longevity
- Who can read my private notes?
- How does Standard Notes secure my notes?
- How does Standard Notes encrypt data on my device?
- What country is Standard Notes located in?
- What happens to my data if Standard Notes disappears?
- What services does Standard Notes use for daily operation?
- What information does Standard Notes collect about me?
- Can I store passwords in Standard Notes?