Evernote was the original "remember everything" app, and for a decade that pitch worked: receipts, contracts, journal entries, whiteboard photos, tax documents, all of it in one green elephant. Asking "is Evernote safe" in 2026 really means asking two questions. Is the technology private? And is the company holding fifteen years of your life the same one you originally trusted?
The answers are "not in the strict sense" and "no, literally not the same company." Disclosure before we start: I build Scrib, an encrypted notes app for Android and Windows, so I have a stake in this category. The facts below stand on their own.
The Privacy Model: Vendor Holds the Keys
Evernote encrypts data in transit and at rest on its infrastructure, which has run on Google Cloud since its 2016-2017 migration. Like Google Keep, OneNote, and Samsung Notes, it is not end-to-end encrypted: Evernote holds the decryption keys. The consequences are the standard three:
- The company can technically access note content, limited by policy and internal controls, not by cryptography.
- Legal requests reach readable notes. There is a decryptable copy on a server.
- Your account is the perimeter. Evernote works in any browser, so a phished or reused password hands over the whole archive.
Evernote also earned a specific entry in the privacy history books. In December 2016 it announced a policy change that would have allowed employees to read user notes to improve machine-learning features. The backlash was immediate, and Evernote reversed course within days, making any such review opt-in and apologizing publicly. The episode was resolved correctly, but it is a permanent reminder of what vendor-held keys mean: the difference between "cannot read your notes" and "promises not to" is the whole game.
The One Real Encryption Feature
Evernote's desktop apps have a feature most users never find: select a passage of text inside a note, right-click, and encrypt it with a passphrase. That passage is genuinely encrypted, Evernote states it cannot recover the passphrase, and the text stays unreadable until unlocked.
Respect where due, and then the limits, because they are severe:
- Selected text only. Not whole notes, not notebooks, not attachments, not images, not PDFs. The category of thing people actually keep in Evernote is exactly what it cannot protect.
- No search. Encrypted passages are invisible to search, which fights the entire "remember everything" premise.
- Desktop-centric. It is an old feature, awkward on mobile, and easy to lock yourself out of.
It is a feature for hiding a line, not an architecture for private notes. Everything around the encrypted passage remains vendor-readable.
What Changed in 2023, and Why It Matters for Trust
Bending Spoons, an Italian app company, completed its acquisition of Evernote in early 2023. That year it laid off most of the existing staff and moved operations to Europe. Prices went up. In December 2023 the free plan was capped at 50 notes and one notebook, turning the tier most long-time users lived on into a read-mostly museum of their own data.
None of that is a security incident, and to be fair, development pace picked up after years of stagnation. But a privacy evaluation is always an evaluation of a company, not just a protocol. The company now holding your archive has different owners, different staff, different economics, and a demonstrated willingness to change terms on short notice. If the deal you originally accepted was "my notes live with the Evernote I know for free," that deal no longer exists.
Evernote in 2026, Side by Side
| Question | Evernote | Scrib |
|---|---|---|
| End-to-end encrypted? | Only selected text passages (desktop) | Yes, every note, on-device |
| Who holds the key | Evernote (Bending Spoons) | You |
| Account required | Yes | None |
| Free plan | 50 notes, 1 notebook | Unlimited notes, free |
| Cross-device sync | Yes, vendor-readable | No, on-device by design |
| Company history since 2023 | Acquisition, layoffs, price rises | Independent, one developer |
If You Are Leaving: Do the Export First
Evernote exports notebooks as ENEX files, and most alternatives (Joplin in particular) import them cleanly. Export before you decide anything else: whatever you choose next, a local copy of your own archive is the position of strength. Then sort the archive with one question: which of these notes would hurt if a stranger read them? Those move to an app where you hold the key. The rest can live anywhere.
Verdict
As a general-purpose cloud notebook: Evernote still works, and the current team ships. If you pay for it, use two-factor authentication and treat it like the vendor-readable service it is.
As a home for private material: it fails the same test as every vendor-keyed service, with extra history: the keys are theirs, the 2016 episode showed what that means, and the company itself changed hands. For notes only you should be able to read, hold the keys: Scrib on Android, Scrib Desktop on Windows, or Standard Notes and Joplin if you need end-to-end encrypted sync across devices.
Common Questions
Is Evernote end-to-end encrypted?
No. Evernote encrypts notes in transit and at rest on its servers, but the company holds the decryption keys, so it can technically access your notes and can be compelled to produce them. The single exception is the desktop text-encryption feature, which encrypts a selected passage of text with a passphrase only you know.
What happened to Evernote?
Bending Spoons, an Italian app company, acquired Evernote in a deal completed in early 2023, laid off most of the existing staff that year, moved operations to Europe, raised subscription prices, and in December 2023 capped the free plan at 50 notes and one notebook. The product is still developed, but it is a different company and a different value proposition than the Evernote most people signed up for.
Can Evernote employees read my notes?
Technically the capability exists, because Evernote holds the encryption keys and access is limited by policy rather than cryptography. This is not hypothetical as a category: in 2016 Evernote announced a policy that would have let employees read notes to improve machine learning, then reversed it after public backlash and made such review opt-in. Encrypted text blocks created with the desktop feature are the exception.
Is Evernote's text encryption feature enough?
It is real but narrow. In the desktop apps you can select a passage of text and encrypt it with a passphrase, and Evernote states it cannot recover that passphrase. It covers only the selected text: not whole notes, not notebooks, not attachments, not images, and encrypted passages are not searchable. It is a feature for hiding a line, not an architecture for private notes.
What should I replace Evernote with for private notes?
For notes only you can read, hold the keys yourself. On Android, Scrib encrypts every note on-device with AES-256, no account required. On Windows, Scrib Desktop saves AES-256 encrypted files locally and is open source. If you need cross-device sync, Standard Notes and Notesnook are end-to-end encrypted, and Joplin can sync with end-to-end encryption over your own cloud storage.
Keep Reading
- Is Notion Private?: the other everything-app, audited the same way
- Best Private Notes Apps for Android: where ex-Evernote users usually land
- Best Private Notes Apps for Windows: local-first desktop options
- Notes App Encryption at Rest: what "encrypted" actually protects