← Back to Help

How does Standard Notes secure my notes?

All your notes, tags, and other data generated using the Standard Notes applications are encrypted using AES-256 encryption, one of the strongest forms of encryption available.

Your data is encrypted using keys generated from your password. When you choose your account password during registration, we use a password-stretching algorithm called PBKDF2 with over 100,000 iterations to strengthen your password and generate the necessary keys. When you use PBKDF2 with a strong password, your encryption keys become impossible to guess, even with a network of supercomputers.

When you make a change to a note, the note is encrypted using your secret keys. We then "sign" the encrypted text with another part of your secret keys to generate an authentication hash. Upon decryption, this hash is recalculated and compared against the server provided value to ensure that no one, including us, has tampered with your data.

The entire encryption and decryption process happens completely offline and in the safety of your own private device. Once it is encrypted, it is synced to your private notes account over a secure, encrypted connection.

Data stored in your private notes account is completely encrypted and un-decipherable without your encryption key. Even if an attacker or prying eyes got a hold of this data, it would be gibberish to them without your encryption keys.

Finally, it's important to measure security claims beyond face value. Far too many applications and companies claim to protect your data but do not publish source code or security audit results, leaving you to take it on blind faith that your data is safe. Instead, one should look to published third-party security audits of applications who also maintain an open-source repository so that anyone can inspect the code. We're proud to be an open-source notes application with a completed third-party security audit.

You can learn more about the other ways we secure your notes by reading our Privacy Manifesto.