E2EE / data privacy

I’ve searched the community forums for information regarding whether Supernotes data is E2EE and encrypted at rest, but only found a few older posts stating E2EE is on the roadmap and data is not encrypted at rest.

What’s the current situation, and what’s on the roadmap still?

Thanks

Hi @binarysneaker, welcome to the Supernotes Community!

Supernotes is currently not end-to-end encrypted (E2EE), however this is something we’d still like to offer in the future. Up until now our priority has been building out a great user experience that focuses on ease-of-sharing and portability between your devices – which is somewhat at odds with E2EE.

Nevertheless, even without E2EE right now, we take your data privacy and security very seriously. Currently your data is always encrypted in transit (forced SSL) and encrypted at rest (AES-256). I hope that helps!

Thanks for the quick reply and clarification @tobias, appreciate it.

I’m still a bit unclear. When you say “encrypted at rest,” do you mean full disk encryption? Do you mean encryption of the notes on the device but short of FDE? Do you mean encryption of data stored on the cloud only?

Hi @squelch, this gives a more full explanation of what we mean by “encryption at rest” in our cloud context – Encryption at rest in Google Cloud | Documentation.

In our specific case, it also means we ensure all offline database backups are encrypted (again using AES-256).

When you say “offline,” do you mean the notes are encrypted on device? The threat I’m interested in here in particular is loss of physical control of the actual device, via either theft or accident.