Is Evernote Safe for Your Personal Notes?
Evernote was once the leading note-taking application, but its safety profile has deteriorated following the 2023 acquisition by Bending Spoons, significant staff layoffs, a controversial privacy policy allowing employee access to user notes, and a history of data breaches. The platform has lost the trust of many long-time users. While basic security features exist, the combination of ownership changes, reduced staffing, policy concerns, and the company troubled trajectory make Evernote a caution-rated service. Users storing important notes should strongly consider migrating to more trustworthy alternatives.
What Evernote Collects
- All notes, notebooks, tags, and uploaded attachments
- Account profile including email, name, and payment details
- Device information, IP addresses, and usage analytics
- Search queries within the application
- Geolocation data from notes created on mobile devices
Who Sees Your Data
- Bending Spoons S.p.A. as the current owner and operator
- Evernote employees who may access notes under the privacy policy
- Google Cloud Platform as the infrastructure provider
- Third-party analytics and advertising partners
The Bending Spoons Acquisition and Staff Reductions
In late 2022, Italian software company Bending Spoons acquired Evernote. Shortly after, the company laid off most of the existing Evernote staff, raising concerns about the long-term viability and security maintenance of the platform. Reduced engineering staff means fewer resources for security updates, bug fixes, and infrastructure maintenance. The acquisition also moved data governance under Italian and EU jurisdiction, which provides GDPR protections but introduced uncertainty about the new owner long-term intentions for the platform and its users data.
Employee Access to User Notes
Evernote made headlines with a privacy policy update that explicitly allowed employees to access user notes for purposes including machine learning training and quality assurance. While the company partially walked back the policy after backlash, the episode revealed a concerning attitude toward user content privacy. Evernote does not offer end-to-end encryption, meaning the company can read any note stored on their servers. For a note-taking app that people use for personal journals, medical information, and sensitive documents, this lack of content privacy is a significant concern.
Past Security Incidents and Current Risks
Evernote suffered a major data breach in 2013 that exposed 50 million user accounts, requiring a forced password reset. While that incident is older, the combination of reduced security staff under new ownership, no end-to-end encryption, and broad employee access policies means the risk profile has not improved. The platform reliability has also declined, with users reporting sync issues, feature removals, and price increases. The overall trajectory suggests a company extracting value from an existing user base rather than investing in long-term platform security and improvement.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| Two-Step Verification | Evernote Web > Settings > Security > Two-Step Verification | Enable 2FA immediately if you continue using Evernote to protect against unauthorized access |
| Connected Applications | Settings > Connected Apps | Revoke all third-party app connections to minimize data sharing pathways |
| Device Access | Settings > Devices | Review and revoke access from devices you no longer use |
Safer Alternatives
Our Verdict
Evernote earns a caution rating due to the combination of new ownership concerns, dramatic staff reductions, privacy policy provisions allowing employee access to notes, and no end-to-end encryption. The platform trajectory under Bending Spoons suggests value extraction rather than investment in security and quality. Users with important data in Evernote should export their notes as a backup and seriously evaluate migration to alternatives like Notion, Obsidian, or Apple Notes. If you continue using Evernote, enable two-factor authentication and avoid storing highly sensitive information on the platform.
Related Safety Checks
Frequently Asked Questions
Should I migrate away from Evernote?
Given the ownership changes, staff reductions, privacy policy concerns, and declining product quality, migrating to an alternative is advisable. Evernote offers data export tools that allow you to download your notes in various formats. Notion, Obsidian, Apple Notes, and other platforms offer import tools for Evernote data. If you have years of notes in Evernote, create a backup export even if you decide to stay, as the platform long-term future remains uncertain under current ownership.
Can Evernote employees read my notes?
Yes. Evernote does not use end-to-end encryption, and their privacy policy has included provisions for employee access to user content. While the company states such access is limited and controlled, the technical capability exists. If your notes contain sensitive personal, medical, or financial information, this is a meaningful concern. Consider moving sensitive content to an end-to-end encrypted platform and using Evernote only for non-sensitive information if you choose to continue using it.
What happened to Evernote after the acquisition?
After Bending Spoons acquired Evernote in late 2022, the new owners laid off most of the existing staff, raised prices, removed features from lower-tier plans, and made controversial privacy policy changes. Many long-time users have expressed frustration with the direction of the product. The reduced team raises questions about ongoing security maintenance and feature development. While the platform still functions, its trajectory has shifted from growth and improvement to what appears to be a value-extraction model under new ownership.