Standard Notes

Standard Notes is the E2E-encrypted note-taking app with self-host option and cryptocurrency-friendly paid tiers — a cross-platform encrypted notes service where the free tier covers plaintext notes with full E2E encryption, the paid "Productivity" tier unlocks rich text + code editors + themes, and the entire server-side stack is open source so you can self-host. Listed at Grade A because Standard Notes occupies the canonical encrypted notes slot — the closest peer to KeePassXC's local-first password posture, adapted for the notes use case where you want sync without losing the encryption guarantee.

Background. Standard Notes was created in 2017 by Mo Bitar and is operated by Standard Notes Ltd. (incorporated in California). The team transitioned much of its operations and infrastructure focus over the years; in 2024 the company was acquired by Proton AG (the operators of Proton Mail, Proton Drive, Proton VPN), which is a meaningful change in operator profile to be aware of — see Caveats. Pre-acquisition Standard Notes had a strong privacy-first reputation; the post-acquisition continuation has so far preserved the open-source codebase, self-host option, and E2E-encryption architecture. Available for macOS, Windows, Linux, iOS, Android, web with end-to-end encryption on every platform. Open source under the AGPLv3 license; codebase at github.com/standardnotes. Independent security audits by Trail of Bits (2018) and follow-up reviews; audit reports are linked from standardnotes.com.

What you trust. End-to-end encryption — your notes are encrypted client-side with a key derived from your account password; the server stores only ciphertext. Open-source clients + server — every component of the stack is auditable; self-hosting is supported with documented setup. Audit history — Trail of Bits has audited the cryptography; findings were addressed in subsequent releases. Self-host option — if you don't want to trust Standard Notes Ltd. / Proton with your encrypted blobs (even though they can't read them), you can run your own server using the published Docker images and your clients sync against your server. Multi-platform parity — encryption works identically across desktop, mobile, and web; no platform-specific weak link. No telemetry on the free tier — opt-in error reporting on paid plans is documented. Recovery codes — when you sign up, you generate recovery codes; lose your password without backup codes, and your encrypted notes are unrecoverable (the cost of zero-knowledge E2E). What you don't trust: the Proton acquisition operator continuity — see Caveats. Light KYC on signup — Standard Notes requires an email address for the account; this is typical for sync services but is meaningfully different from KeePassXC's no-account model. Use a privacy-respecting email (Proton Mail, Tutanota, or a SimpleLogin alias) if account-creation privacy matters.

Operational specs. Platforms: macOS, Windows, Linux desktop apps; iOS + Android mobile; web client at app.standardnotes.com. Encryption: client-side encryption with PBKDF2 key derivation from account password; AES-256-CBC for note ciphertext; HMAC-SHA-256 for integrity. Sync: encrypted notes sync via Standard Notes server (or your self-hosted server); the server never sees plaintext content. Free tier: unlimited notes (encrypted), 2 devices, plaintext-only editor, basic markdown. Productivity tier: $90/year (~$7.50/month) — unlocks rich text, code editors, multiple themes, file attachments, version history, unlimited devices. Professional tier: higher-end with additional features. Payment methods: credit card, PayPal, Bitcoin, Monero (on annual plans only — the crypto-payment workflow requires an annual commitment to keep account-management overhead manageable). Self-host: open-source server code; deploy via Docker; clients point at your server URL instead of standardnotes.com. Recovery codes: generated at signup; required for password reset (preserves zero-knowledge: server can't reset password for you).

Philosophy. Standard Notes's editorial differentiator is the encrypted-sync with verifiable-self-host fallback model. KeePassXC handles password storage with the local-first-zero-sync posture (you handle sync via your existing file-sync). Standard Notes targets the notes use case where users want active sync across devices and don't want to manage file-conflict resolution themselves; the privacy guarantee comes from E2E encryption + self-host-if-you-want-to. The trade-off vs KeePassXC: account requirement (email), server-mediated sync (even if encrypted), and a paid tier for advanced features. The trade-off vs Notion or Apple Notes: speed (no Notion-style fancy features in the free tier), polished UX (Standard Notes is functional, not Notion-polished), but radically stronger privacy posture. For users who want encrypted notes + sync + a clean privacy story, Standard Notes is the canonical pick.

Grade rationale. Grade A reflects: open-source AGPLv3 codebase (both clients and server); 8+ years of operational continuity (since 2017); independent Trail of Bits audit with public findings; self-host option for users who don't want to trust the hosted server; end-to-end encryption on every platform with documented cryptography; cross-platform desktop + mobile + web with feature parity; cryptocurrency-friendly paid tiers (Bitcoin + Monero on annual plans); cross-listed in Privacy Guides peer directory. Last verified 2026-05-12.

Useful when. You want encrypted notes with sync across desktop and mobile — Standard Notes is the canonical pick. You want a paid plan you can pay for with Monero — Standard Notes accepts XMR on annual plans, a rare offering in the encrypted-notes space. You want self-host capability for a notes app — Standard Notes is one of the few major encrypted-notes services with documented self-host workflow. You're a journalist or researcher keeping privacy-sensitive notes and need them to sync between devices without trusting a cloud provider's content-access. You're already in the Proton ecosystem (Proton Mail, Proton VPN, Proton Drive) and want notes integrated — the post-acquisition continuity makes this natural. You want a rich-text encrypted notes environment with code editors, themes, and attachments via the paid Productivity tier. You want cryptography reviewed by Trail of Bits and updated based on audit findings.

Caveats. Proton acquisition (2024) is a meaningful operator change — pre-acquisition Standard Notes had its own privacy-first reputation; post-acquisition it's now part of a larger Proton portfolio. So far the open-source codebase and self-host option appear preserved, and Proton's own privacy posture is well-regarded, but: evaluate whether you trust Proton's combined-portfolio operator model. If you don't, self-host. Light-KYC signup (email required) — unlike KeePassXC's no-account model, Standard Notes requires an email for the account. Use a privacy-respecting email (Proton Mail, Tutanota, SimpleLogin alias) for the account if signup-privacy matters. Free tier is plaintext-only editor — markdown rendering and rich text are paid-tier features. For users who only need plain text, the free tier is sufficient; for richer formatting, the paid tier is required. Server-mediated sync is unavoidable on the hosted service — even though the server only sees ciphertext, it sees connection timing, sync frequency, and IP-level metadata. Self-host eliminates this; using the hosted service accepts it. Recovery is impossible without password + recovery codes — zero-knowledge encryption means a forgotten password without recovery codes is unrecoverable. Plan accordingly: print recovery codes to paper, store in your KeePassXC database, share a sealed envelope with a trusted party. Paid plans on a yearly basis only with crypto — Bitcoin and Monero payments require an annual subscription commitment; monthly crypto-pay isn't supported, presumably due to account-management overhead. Self-host requires technical setup — Docker deployment, domain configuration, TLS certificates; not a "click to install" experience. For users without server-admin skills, the hosted service is the practical option. Multiple editors are paid features — the productivity-tier editor selection is a paid-tier value-add; for plaintext + markdown alone, the free tier is sufficient. Sync across many devices on the free tier is limited to 2 devices — paid tier unlocks unlimited. No native voice/audio note recording — primarily a text + attachment app; for voice notes, use a separate tool and attach the file.