Are the notes encrypted on Agenda servers?

sync
security

#1

Do Agenda App devs have access to notes/data that users save in the app? If so, are they encrypted or are they saved/logged in plaintext?


#2

No, we don’t have access to your notes/data. We currently only allow sync through iCloud, which means your file are stored in your own iCloud container without anyone being able to access them but you. The notes never touch any servers we operate. Apple encrypts iCloud content but obviously has access in case of for example a court order.

We soon hope to add support for Dropbox, also here the files would be stored in your private dropbox that we would not have access to.

For both iCloud and Dropbox support we plan to add encryption of files before uploading so that in the future your notes are end-to-end encrypted.


#3


iCloud secures your information by encrypting it when it’s in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.


#4

Is that really true… @Niloc?


#5

Yes. They do however have access to iCloud backups.


#6

Even backups on iCloud are in an encrypted format,
The exception is email.
This information is readily available to check.


#7

My understanding was that Apple still held keys for the encrypted backups. Weren’t the EFF on about that last week?


#8

I concur! Encrypting the notes before sending them to the iCloud would be a great feature to have.


#9

This is correct, while the iCloud content is encrypted in storage, Apple has the keys. It’s indeed why we’d like to add encryption before sending it to iCloud, as @markcodedesign mentions, in a future update.