🔒 End-to-end encrypted

Secure, End-to-End
Encrypted Notes.

All content is encrypted directly in your browser. The server never sees plaintext — not even us.

Get started → How does it work?
encrypted-notes.io
Shopping list
Apples, bread, cheese…
today, 2:23 pm
Project ideas
New features for…
yesterday, 9:11 am
Passwords
Server credentials…
Jan 12, 2025
Shopping list
● AES-GCM 256-bit encrypted
Features

Everything you need

No bloat. Just the essentials — secure and fast.

🔒
End-to-end encryption
Every note is encrypted with AES-GCM 256-bit before it leaves your browser. Only you can read it.
🤛
Zero-knowledge
Your password and content never leave your browser as plaintext. The server stores only ciphertext.
✍️
Rich text editor
Bold, italic, headings, lists, code blocks — with live preview and spell checking in multiple languages.
Per-note todos
Attach a task list to any note. Todos can be reordered via drag & drop and are encrypted too.
🔍
Full-text search
Search titles and content of all notes — locally, without any server contact, with highlighted matches.
⏱️
Auto-logout
After 10 minutes of inactivity you are automatically signed out, with a 60-second warning and the option to stay logged in.
📄
JSON export
Export all your notes and todos in one click as a JSON file — in plaintext, for your own backup.
☀️🌐
Dark & light mode
The interface automatically adapts to your system preference — elegant dark or clean light.
⚓️
Keyboard shortcuts
Navigate entirely without a mouse. Ctrl+N for a new note, Ctrl+S to save, arrow keys for the list — and many more.

How it works

Security without compromise

Three simple steps — and your data is permanently safe.

Create an account
You choose a username and password. Two independent keys are derived locally from your password: an auth key for signing in and an encryption key for your data. The password itself never leaves your browser.
Write notes
Each note is encrypted in the browser with a random master key before being sent to the server. The master key itself is also stored encrypted on the server — only you can decrypt it.
Access securely anywhere
On your next login, your browser decrypts the master key locally and loads your notes. The server only ever transfers ciphertext — even a compromised server reveals nothing.

Technology

Under the hood

No marketing promises. Just concrete numbers and standards.

AES-GCM
256-bit encryption for every note — with a unique IV each time
PBKDF2
600,000 SHA-256 iterations for key derivation
0
Bytes of plaintext that ever leave your browser
WebCrypto
Native browser API — no external crypto libraries
CSP
Strict Content Security Policy, no inline scripts

Ready? Takes 30 seconds.

No newsletter, no email — just pick a username and password.

Open Encrypted Notes →