The entire server infrastructure is hosted by Hetzner in Helsinki, Finland.
The frontend is static and is hosted on Cloudflare Pages. All traffic goes through Cloudflare network, although no unencrypted data ever leaves your device unless you explicitly agree to it in a popup.
We don’t use Cloudflare CDN for hosting user data. All files are stored on our servers and served from there.
DNS and HTTPS certificate provisioning are handled by Cloudflare. Because we’re small, we have to use Cloudflare for DDoS protection.
Source code is hosted by Codeberg in the EU and mirrored to GitHub.
AI features are opt-in. The default AI provider is Cerebras. We also support OpenAI, Gemini and Mistral.
Live security updates to the OS are provided by Ubuntu Pro. Ubuntu Pro cannot alter the source code of Encrypted Notes.
Technically, Ubuntu Pro has access to everything on the server, yet it’s extremely unlikely that Ubuntu Pro will be used for a targeted attack on Encrypted Notes. If Ubuntu Pro is compromised, you’ll see it in the news. The xz-util backdoor and the Crowdstrike situation are good examples of such high-profile incidents.
Also, even if everything on the server is dumped, no meaningful data can be recovered without user keys that never leave user devices.
Dependency monitoring is provided by Snyk. Snyk uses read-only mode and cannot alter the source code by itself — it only signals us that dependencies should be updated. We act on that signal ourselves.
Transactional email services are provided by Amazon SES in the EU region. No sensitive data is ever sent through it. SES only handles outbound emails delivered through no-reply@encryptednotes.com.
All inbound email and all non-transactional outbound email is handled by Proton.
When you respond to a transactional email, e.g. any email from no-reply@encryptednotes.com, your message is delivered to a mailbox provided by Proton. SES cannot see it. From then on, only Proton services are used.
Uptime monitoring is provided by Better Stack. Better Stack is used in a read-only mode and doesn’t know anything about the server, except whether it’s up or not.