§ Comparison
Secure Notes vs Standard Notes (2026): iPhone vs Cross-Platform E2EE
Secure Notes vs Standard Notes in 2026: both ship true end-to-end encryption, but differ on platforms, organization model, recovery, and pricing. Which one fits your threat model.
Quick answer: Both apps deliver true end-to-end encryption — this is not a fake-E2EE vs real-E2EE fight. The real question is platform and ergonomics. Standard Notes is the cross-platform answer: iOS, macOS, Windows, Linux, web, and self-hostable. Secure Notes is the iOS-native answer: iCloud sync, per-folder passwords, a 12-word recovery seed, and voice notes in the base app. If every device you touch runs iOS or iPadOS, Secure Notes is the better fit. The moment a Linux box or Windows laptop enters the picture, Standard Notes wins on reach.
Secure Notes vs Standard Notes at a glance
| Feature | Secure Notes | Standard Notes |
|---|---|---|
| Encryption algorithm | AES-256-GCM, PBKDF2 (100k iterations) | XChaCha20-Poly1305, Argon2 KDF |
| Platforms | iPhone + iPad only | iOS, macOS, Windows, Linux, Web |
| Key custody | User — password + 12-word seed | User — password only |
| Organization model | Folders, per-folder passwords | Tags only (no folders) |
| Recovery model | 12-word BIP-39-style seed | Password — no seed, no reset |
| Sync mechanism | iCloud CloudKit (private DB) | Standard Notes sync server (or self-host) |
| Pricing | Free, optional PRO | Free (plaintext only); paid for editors, files, themes |
| Self-hosted option | No — Apple CloudKit only | Yes — Docker-based server |
| Voice notes | Built-in, up to 10 min, transcripts, 0.5×–2× playback | File attachments on paid tier only |
How Standard Notes handles encryption
Standard Notes encrypts every note on your device with XChaCha20-Poly1305 — a modern, fast, well-regarded AEAD construction. The key is derived from your password via Argon2, which is a deliberately memory-hard KDF chosen to slow brute-force attempts. The encrypted blob then ships to Standard Notes' sync server (or to a server you host yourself), and other devices pull it down and decrypt locally. The codebase is open-source and has been independently audited, which lets you verify the claim instead of having to take it on faith.
The standout structural choice is self-hosting. If you don't want any third party — not even one storing ciphertext — sitting in your sync path, you can spin up the official Docker image on your own VPS and route the entire sync loop through your own box. Almost no other notes app of this category offers that, and for some threat models it's the whole reason to pick Standard Notes.
The friction points: the free tier is text-only. No images, no markdown, no rich editor, no file attachments. Rich features come through editor extensions that ship on the paid plan. Organization is tag-only — there are no folders, which the team defends on philosophical grounds but which surprises a lot of users coming from Apple Notes. And recovery is password-only: lose the password and the notes are gone for good. That's the honest tradeoff of zero-knowledge, but it's harsher than the seed-phrase model.
How Secure Notes handles encryption
Secure Notes uses AES-256-GCM with keys derived on-device from your master password via PBKDF2 at 100,000 iterations. Each note is encrypted before it ever touches the network, then synced through Apple's CloudKit private database — the same iCloud pipe Apple uses for its own apps. Apple stores ciphertext. The publisher (PixelPort LLC) has no server-side decrypt path. A subpoena served on either party returns opaque bytes.
Two ergonomic decisions distinguish it from Standard Notes:
- Per-folder and per-note passwords. Standard Notes uses one account password to unlock everything. Secure Notes lets you isolate a folder of financial documents behind one password and a journal folder behind another — different blast radius for different content.
- 12-word recovery seed. At setup, Secure Notes generates a BIP-39-style word list. Write it down, lock it in a drawer or safe-deposit box, and you have a recovery path that survives a forgotten password. Standard Notes has no equivalent.
The thing Secure Notes does notdo is run anywhere except iPhone and iPad. There is no Mac app, no Windows client, no web vault. That's a real limitation if you draft long-form content on a laptop. It's a feature if your threat model is “keep the surface small and the platform trusted.”
Which to use when
Pick Standard Notes if: you write across multiple operating systems, you want the option to self-host, you value an open-source codebase you can audit yourself, or you specifically want a tag-based organization model. The cross-platform story is the headline win — Linux users in particular have almost no other serious E2EE option.
Pick Secure Notes if: your devices are iPhone and iPad, you want iCloud sync to Just Work, you need per-folder password granularity, you want voice notes and transcripts in the base app, or you want a recovery seed instead of a one-shot password. If you also use Apple Notes for low-sensitivity content, Secure Notes slots in cleanly as the vault for the things that actually need a lock.
A reasonable mixed setup: Standard Notes on a Linux work machine for cross-platform drafts, Secure Notes on iPhone for credentials, recovery codes, and personal journals that never need to leave iOS. They don't conflict because they don't share data — and neither can read the other's ciphertext.
Final recap
Both apps are honest about what they are. Standard Notes is a cross-platform, open-source, self-hostable, tag-based encrypted notes platform with a strict freemium tier. Secure Notes is an iOS-native, iCloud-synced, folder-based encrypted vault with per-note locks, voice notes, and a seed-phrase recovery model. The decision is almost entirely about platform reach and recovery philosophy — not about who does encryption “more correctly.” They both do it correctly.
Further reading: the full encrypted note apps comparison or the zero-knowledge architecture explainer if you want to understand the recovery tradeoff before you commit.
Frequently asked: Secure Notes vs Standard Notes
Is Standard Notes really end-to-end encrypted?
Yes. Standard Notes encrypts every note on-device with XChaCha20-Poly1305 before it touches their sync servers. The codebase is open-source and has been independently audited multiple times. The publisher cannot read your notes, and neither can anyone serving a subpoena on their infrastructure.
Why pick Secure Notes over Standard Notes if you're on iPhone?
Three reasons: iCloud sync instead of a third-party server, per-note and per-folder passwords instead of a single account password, and a 12-word recovery seed instead of password-only recovery. If your daily devices are an iPhone and iPad, Secure Notes is the iOS-native answer. Standard Notes makes more sense the moment a Windows or Linux machine enters the picture.
Does Standard Notes support voice notes or rich media?
Only on paid plans, and even then it's bolted on via editor extensions and file attachments rather than a first-class voice recorder. The free tier is plaintext only — no markdown, no images, no audio. Secure Notes ships voice notes with transcripts and variable playback in the base app.
Can I self-host Standard Notes?
Yes. Standard Notes provides a Docker-based self-hosting setup so you can run your own sync server. That's a real differentiator if you don't trust any vendor with even encrypted blobs. Secure Notes does not offer self-hosting because it uses Apple's CloudKit — Apple stores the ciphertext, but only ciphertext.
Which has better recovery if I forget my password?
Secure Notes does. It gives you a 12-word BIP-39-style recovery seed at setup — a phrase you write down once and store offline. Standard Notes recovery is password-only: lose the password, lose the notes. Their team is upfront about this; it's a zero-knowledge tradeoff either way, but the seed model is friendlier to forgetful humans.
Are Standard Notes and Secure Notes interoperable?
No. Both are end-to-end encrypted with different schemes and different key custody, so neither can read the other's data. Migration is manual: export the notes you want to move, then paste them into the new app. There is no automated import for the same reason there is no shared backdoor.
Keep reading
Related guides
Comparison
Best encrypted note apps for iPhone in 2026
Side-by-side comparison of Secure Notes, Standard Notes, Notesnook, Bear, Apple Notes.
Privacy
What AES-256 actually protects
A plain-English guide to end-to-end encryption for iPhone notes.
Privacy
Why local-first note apps matter
Notes that load instantly, work offline, and stay on your device.
Privacy
Zero-knowledge architecture, explained
What it means when an app literally cannot read your data — and what that costs.