
What Is a Recovery Seed Phrase? (And Why Your Notes App Should Have One)

What is a recovery seed phrase and why does a private notes app need one? BIP-39 in plain English, how to back it up, and what happens if you lose it.

Secure Notes Team · 8 min read

Quick answer: A recovery seed phrase is a 12- or 24-word backup of the master key that decrypts your data. Crypto wallets popularized them; serious notes apps now use them for the same reason. If the app maker has no copy of your key — which is the whole point of zero-knowledge encryption — then losing your password means losing your data, unless you have a seed. Write it down. On paper. Once.

BIP-39 in 60 seconds

BIP-39 stands for Bitcoin Improvement Proposal 39, ratified in 2013. It defines how to turn raw cryptographic entropy into a sequence of human-readable English words. The spec is short and beautiful: take 128 bits of secure random data, append a 4-bit checksum, split the resulting 132 bits into 12 chunks of 11 bits each, and map each chunk to one of 2048 carefully curated words. The wordlist has no two words sharing their first four letters, which makes shorthand backups possible.

The math is uncompromising. 2048¹² is roughly 5.4 × 10³⁹ possible 12-word combinations — about 128 bits of entropy, the same security level as AES-256 against the best-known classical attacks. A nation-state with a billion GPUs running for a billion years would not exhaust a meaningful fraction of the search space. Twelve words is enough.
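The encoding described above, as an added example (not code from Secure Notes or from the BIP-39 authors). It works on 11-bit wordlist indices rather than words because the 2048-word list is not embedded here, and the function names are hypothetical. It goes one step beyond the text by counting how many final words pass the checksum for a given first eleven.

```python
import hashlib
import secrets

# Indices 0..2047 stand in for words; the wordlist itself is not embedded.
ENT_BITS = 128                      # entropy behind a 12-word phrase
CS_BITS = ENT_BITS // 32            # 4-bit checksum
WORDS = (ENT_BITS + CS_BITS) // 11  # 132 bits / 11 bits per word = 12

def checksum(entropy: bytes) -> int:
    """First CS_BITS bits of SHA-256(entropy), as an integer."""
    return hashlib.sha256(entropy).digest()[0] >> (8 - CS_BITS)

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Split entropy||checksum (132 bits) into twelve 11-bit indices."""
    if len(entropy) * 8 != ENT_BITS:
        raise ValueError("expected 16 bytes of entropy")
    bits = (int.from_bytes(entropy, "big") << CS_BITS) | checksum(entropy)
    return [(bits >> (11 * i)) & 0x7FF for i in reversed(range(WORDS))]

def indices_to_entropy(indices: list[int]) -> bytes:
    """Rebuild the entropy; reject a phrase whose checksum does not match."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("expected twelve indices in 0..2047")
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> CS_BITS).to_bytes(ENT_BITS // 8, "big")
    if bits & ((1 << CS_BITS) - 1) != checksum(entropy):
        raise ValueError("checksum mismatch: phrase was mis-transcribed")
    return entropy

def valid_last_indices(first_eleven: list[int]) -> list[int]:
    """Every final-word index that completes a valid phrase."""
    valid = []
    for last in range(2048):
        try:
            indices_to_entropy(first_eleven + [last])
            valid.append(last)
        except ValueError:
            pass
    return valid

if __name__ == "__main__":
    phrase = entropy_to_indices(secrets.token_bytes(16))  # fresh random seed
    print(phrase, len(valid_last_indices(phrase[:11])))
```

For any eleven leading words, exactly 128 of the 2048 possible final words pass the checksum, so the set of valid phrases carries 128 bits rather than the full 132.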

The reason BIP-39 leaked from crypto wallets into other privacy software is that it solves a real human problem: how do you write down 128 bits of binary in a form a stressed-out person can actually transcribe? “witch collapse practice feed shame open despair creek road again ice least” survives a paper backup. A hex string does not.

Why E2EE notes need the same model

End-to-end encrypted notes apps face a brutal architectural constraint. If the app maker can reset your password, they have a copy of your key — which means they could decrypt your notes, which means they aren't zero-knowledge. Real zero-knowledge means the publisher has no path to your content. We get into the verification details in our guide to truly private note-taking apps.

That constraint creates a problem for the user: if you forget your password and the publisher can't help, your data is gone. Forever. No customer support ticket recovers it. This is the same problem Bitcoin wallets faced in 2013, and the same solution applies: give the user a recovery seed at setup, make them write it down, and make peace with the fact that you cannot save them from themselves.

Secure Notes generates a 12-word BIP-39 seed when you set up a master password. The seed is shown to you exactly once. It is derived from on-device entropy and is the ultimate fallback if you forget your password. The app maker never sees it. iCloud never sees it. Your responsibility starts the moment you tap “I've written it down.”

How to store your recovery seed safely

The right storage method depends on your threat model and time horizon. Here is the honest comparison.

| Storage method | Fire resistance | Theft resistance | Recommendation |
|---|---|---|---|
| Paper in a drawer | None | Low | Short-term only |
| Paper in fireproof safe | Medium (1-2 hours) | Medium | Good baseline |
| Stainless-steel plate | High (steel melts at 1370°C) | Medium | Best long-term |
| Safe deposit box | High | High | Best for inheritance |
| Screenshot or cloud doc | N/A | Zero | Never |
| Password manager (independent) | Cloud-replicated | Depends on master password | Acceptable secondary |

Practical playbook:

  1. Write it once, on paper, by hand — never paste, never speak it to voice assistants, never type it into a device with cloud sync.
  2. Store the primary copy somewhere fire-resistant — a small home safe rated for at least 30 minutes is fine for most people.
  3. Make one geographically separate backup — sealed in an envelope at a parent's house, a safe deposit box, or a lawyer's office. House fires are the most common reason seeds disappear.
  4. If you hold serious value or sensitive long-term data, upgrade to a steel plate — stamping the first four letters of each word on stainless steel costs about $60 and survives fires that destroy paper.
  5. Never split a seed naively — taking words 1-6 to one location and 7-12 to another is worse than keeping it whole, because each half drops your security from 128 bits to 66 bits and a thief who finds one half has a real shot. Use Shamir's Secret Sharing if you need split storage.

What happens if you lose it

Your notes are gone. This is the part nobody likes to say out loud. In a true zero-knowledge system, there is no recovery channel beyond your password and your seed. The math doesn't care about your situation. The publisher cannot decrypt what they never had the key to. iCloud holds ciphertext. A backup is ciphertext.

If you die without writing your seed down, the notes die with you. That's the price. The same is true of crypto wallets, hardware-locked password managers, and any system where you actually hold the keys. We cover what to plan for in our piece on what happens to iCloud notes when you die — short version: leave a sealed envelope with a lawyer or executor, never the password itself in plaintext to a family member while you're alive.

The tradeoff feels harsh until you compare it to the alternative. Apple-managed iCloud can reset your password — and so can a court, an attacker who SIM-swaps you, or anyone with sufficient leverage on Apple. A zero-knowledge app trades that recoverability for actual privacy. The seed is the receipt. If you treat it carelessly, you get the worst of both worlds: less convenient than iCloud, no more secure. If you treat it like the load-bearing wall it is, you get something Apple itself cannot give you.

Frequently asked: recovery seed phrases

What is a 12-word recovery phrase?

A 12-word recovery phrase is a human-readable representation of 128 bits of cryptographic entropy, drawn from a standardized 2048-word list (the BIP-39 wordlist). Each word maps to 11 bits, so 12 words encode 132 bits — 128 of entropy plus a 4-bit checksum. It's the master key to your encrypted data. Anyone who has it can decrypt everything. Anyone who doesn't, including the app maker, cannot.

Is BIP-39 used outside of crypto wallets?

Yes, increasingly. BIP-39 (Bitcoin Improvement Proposal 39, ratified in 2013) is now the de facto standard for any zero-knowledge app that needs a memorable, transcribable recovery format. Password managers like 1Password use a similar Secret Key. Encrypted notes apps including Secure Notes use a 12-word seed for the same reason: it's portable, language-translated, and survives the death of the original device.

Can I store my recovery phrase in a password manager?

Only if the password manager itself doesn't depend on the same recovery seed. Storing your Secure Notes seed in 1Password is fine because they have independent recovery paths. Storing your 1Password Secret Key in Secure Notes is fine for the same reason. Storing both in the same vault is a circular dependency that breaks the moment you lose either master password. Paper or metal is still the gold standard.

What happens if I lose my recovery seed?

Your encrypted data is permanently inaccessible. This is not a customer-support problem — it's a mathematical one. In a true zero-knowledge system, the app maker has no copy of your key. Apple can't help. The publisher can't help. The only fallback is the master password you set, and if you've forgotten that too, the data is gone. If you die without writing it down, the notes die with you. That's the price of real privacy.

Is a 12-word seed as secure as a 24-word seed?

For practical purposes, yes. A 12-word BIP-39 seed encodes 128 bits of entropy, which is computationally infeasible to brute-force with current or foreseeable hardware. A 24-word seed encodes 256 bits, which is overkill against classical computers but offers extra margin against future quantum attacks. For an encrypted notes app, 128 bits is the same security level as AES-256 against Grover-style attacks. 12 words is the right balance of safety and human transcribability.

How do I back up a seed phrase without a computer?

Write it on paper with a permanent pen, in your own handwriting. Store it in a fireproof safe or a sealed envelope kept somewhere geographically separate from your phone — a safe deposit box, a parent's house, a lawyer. For long-term durability, stamp it on a stainless-steel seed plate (Cryptosteel, Billfodl, etc.). Never photograph it, never type it on a connected device unless you're recovering, and never split it three ways without using Shamir's Secret Sharing properly.
