E2e Encryption
n
nylas
Please consider adding the ability to add full e2e encryption, before moving things into CloudKit.
DayOne is doing this great where on first start the encryption key has to be specified (that's then stored in Keychain for those who want that). All entries are automatically encrypted before uploaded to DayOne servers, and can't get access without specifying the encryption key on a new installation
Some notes may be sensitive, and because we can't specify a custom DB location (like inside a Cryptomator vault), it would be very nice to have e2e directly baked in
Dave
Hi Nylas,
Agree 100%.
We left Noteplan when they moved their services outside the strict Apple ecosystem because we couldn't guarantee an end-to-end encryption (E2EE) solution (whether it was Apple or otherwise). Previously, we also left Daylite from Marketcircle when they transitioned to the cloud like Noteplan.
E2EE is the only 100% secure way for a small business or freelancer to comply with GDPR while using cloud services. Any other compliance solution relies on responsibility (training, processes, audits) and carries risks.
E2EE is the only way to store personal or sensitive data in cloud tools without worrying about leaks, which have become quite frequent lately.
Therefore, I also vote +1 for implementing E2EE on Noteplan, knowing that this option may render some features unavailable.
n
nopi
Encryption by default would be very useful. I hesitate putting friends' addresses and phone numbers in noteplan because I can't protect them enough.