Standard Notes is an open-source, end-to-end encrypted note-taking application designed for digitalists, journalists, legal professionals, and privacy-conscious users who need to securely store notes, files, and sensitive information. It solves the problem of vulnerable cloud note services like Evernote or Google Keep by ensuring that data is encrypted on the device before syncing, making it unreadable even to the service provider. The app supports unlimited devices and offers a free tier with full encryption.
Built with TypeScript and React, Standard Notes provides a modular, extensible architecture with a web-based interface that can be self-hosted using static HTML, JS, and CSS files. It integrates with a decentralized sync server and supports third-party extensions. Deployment options include cloud hosting, local servers via Python or Node.js, and native apps for macOS, Windows, Linux, iOS, and Android.
What You Get
- End-to-end encrypted sync - All notes and files are encrypted on the client side using audited cryptographic protocols before syncing across devices; only the user holds decryption keys.
- Cross-platform sync on unlimited devices - Seamlessly access encrypted notes and files across web, macOS, Windows, Linux, iOS, and Android without device limits.
- Self-hosting capability - Users can deploy their own sync server by cloning the repo, building with Yarn, and serving static files via Python or any web server.
- Markdown and rich text editing - Supports both Markdown and WYSIWYG rich text formats for flexible note creation and formatting.
- Secure file storage - Users can upload and store files (PDFs, images, documents) with the same end-to-end encryption as notes.
- Extensible plugin system - Developers can create and publish custom extensions to add functionality like task lists, code snippets, or finance trackers via the official plugin documentation.
- Offline access and automated backups - Notes and files are stored locally and synced when online, ensuring access without internet and protecting against device loss.
- Listed blogging platform integration - Users can publish blog posts and automated email newsletters directly from their Standard Notes accounts via Listed.to.
Common Use Cases
- Journaling sensitive personal thoughts - A writer uses Standard Notes to record private reflections, knowing their entries are encrypted and inaccessible to employers or governments.
- Storing legal documents and client data - A lawyer securely stores contracts, client IDs, and confidential communications with end-to-end encryption to comply with data protection regulations.
- Managing financial records and passwords - A user stores bank account numbers, credit card details, and tax documents in encrypted notes to avoid exposure from data breaches.
- Publishing a private newsletter - A journalist uses Listed (integrated with Standard Notes) to write and distribute paid or free newsletters directly from their encrypted notes.
- Developing secure note-taking extensions - A developer builds a custom plugin for code snippet management and publishes it to the Standard Notes extension ecosystem.
- Running a privacy-focused blog - A digital rights activist self-hosts Standard Notes to maintain full control over their content and avoid Big Tech surveillance.
Under The Hood
Architecture
- Monorepo structure using Lerna and Yarn workspaces to isolate core domains like web, desktop, and shared libraries, enabling independent development and versioning
- Clean service layer with interface-based contracts that decouple API clients from UI components, promoting testability and reuse
- Centralized utilities and constants across packages reduce duplication while maintaining clear boundaries between frontend, mobile, and backend concerns
- Dependency injection via interface contracts allows seamless substitution of implementations, such as mock APIs in testing environments
Tech Stack
- TypeScript with comprehensive type checking and tooling (ESLint, Prettier) uniformly enforced across all packages
- Next.js and Webpack power the web frontend, while Electron enables desktop functionality with shared core logic
- CI/CD pipelines automate versioning, changelog generation, and npm publishing using conventional commits
- Yarn Plug’n’Play enhancements and custom plugins streamline workspace tooling and resolve peer dependency conflicts
Code Quality
- Extensive test coverage across unit, integration, and domain-specific scenarios with robust mocking patterns
- Strong type safety through interfaces, discriminated unions, and runtime type guards ensuring data integrity
- Consistent, domain-driven naming and modular organization following clean architecture principles
- Comprehensive error handling with custom error classes and structured responses for predictable failure modes
What Makes It Unique
- End-to-end encrypted shared vaults with decentralized trust via cryptographic contact verification, removing centralized authority
- Client-side root key derivation from passcodes ensures zero-knowledge security without server-side key exposure
- Unified domain interfaces abstract cryptographic operations, enabling consistent behavior across all platforms
- Server-agnostic protocol design decouples frontend logic from backend implementation details
- Extensible item signature validation enables verifiable authorship and tamper detection directly in encrypted notes