EVERNOTE FOR BUSY LEADERS

Is Your Data Safe in Evernote?

| | | | |

In the last few months, Evernote has become my digital filing cabinet. It has enabled me to go completely paperless. Once I scan the paper into Evernote, I toss it into the recycling bin. Simple. Clean. Efficient.

An Illustration of a Door to a Bank Vault - Photo courtesy of ©iStockphoto.com/Madmaxer, Image #13516826

Photo courtesy of ©iStockphoto.com/Madmaxer

However, as I have shared my enthusiasm for Evernote, several readers have expressed their concern for the safety of their data. Some have asked:

  • What happens to my data if Evernote goes under?
  • Who owns the data, since my information syncs to the Evernote servers?
  • Do Evernote employees have access to my sensitive data? What if there’s a security breach?
If you are just getting started with Evernote, I suggest that you buy Brett Kelly’s remarkably practical e-book, Evernote Essentials, Second Edition. It is worth setting aside a couple hours to work through this brief, 95-page book. It will save you DAYS of learning Evernote on your own.

I have researched Evernote pretty thoroughly, and I have concluded that my data is safe for the following six reasons:

  1. Evernote is a successful, financially-solid company. Currently, the company has over six million users and more than 200,000 Premium (paid) users. It has raised three rounds of funding, including $20 million in its last round. Its investors include some of the biggest names in Silicon Valley. This is no guarantee that Evernote will make it, but certainly a lot of very smart people are betting on it.
  2. Evernote has a clear data-ownership policy. Phil Libin, CEO of Evernote, has blogged publicly, “We do not own your data. Putting notes and other content into Evernote does not change its ownership or copyright status. If the data was yours to begin with, it remains yours after you put it in Evernote … you retain all the rights to your data.”
  3. Evernote data is stored both locally and in the cloud. This is the beauty of cloud (remote server) technologies. A copy of my data is stored on Evernote’s servers and backed up by them. However, unlike some other cloud services (e.g., Google Calendar), my data is also stored locally on my hard drive. Even if the Evernote servers go down, I have the most recent copy of my data.
  4. Evernote can encrypt sensitive data within a note. If you have something within a note that you want to keep private—passwords, financial information, counseling notes, etc.—you can do so by highlighting the data, right-clicking, and selecting “Encrypt selected text.” You will then be prompted to enter a password. In order to view that information in the future, you (or anyone else) will have to enter the password to do so.
  5. Evernote data can be stored only on your local machine. When you create a notebook, you have the option of creating a local notebook or a synchronized notebook. The notes within a local notebook will not be sent to the Evernote servers. As a result, they will not be synched on your other devices (e.g., iPad, iPhone, Blackberry, etc.). However, they will be totally secure—or at least, as secure as your local drive.
  6. Evernote data can be exported and taken elsewhere. Not only does the company provide ten ways to get your information into Evernote on sixteen different devices, but it is committed to making it easy for you to get all of your data out of Evernote as well. Using the desktop software, you can export all of your notes and content in HTML or XML format. As they say on their blog, “Our philosophy is that if you’re confident that you can leave Evernote at any time, then you’ll be confident enough to want to stay.”

There are no absolute guarantees in the world of digital media and cloud storage, but this is compelling enough to me. I use the various security tools Evernote provides and keep my local Evernote database backed-up. As a result, this is just not something I spend time worrying about.

Update: If you need something even more secure than what Evernote offers out-of-the-box, you can store your database locally on an encrypted database. If you are on a Mac, you can follow this guide. I am using this now. It took me less than ten minutes to set it up.

If you are on a PC, you might check this guide. You might also consider a free product called TrueCrypt. This is a free, open-source solution. However, I don’t have a PC and haven’t tried it.

Thanks to Atle Iversen, who works for the company that makes Dropbox. In the comments below, he suggested the encryption option for more sensitive data and recommended TrueCrypt.

Question: Are you satisfied with Evernote’s security policies and tools? You can leave a comment by clicking here.
Set up a self-hosted WordPress blog in 20 minutes or less by watching my step-by-step screencast. Also, get a discount on BlueHost web hosting. It is the only hosting service I personally recommend. Learn more ….
| | | | |
Posted on
Categories: Popular, Productivity
Disclosure of Material Connection: Some of the links in the post above are “affiliate links.” This means if you click on the link and purchase the item, I will receive an affiliate commission. Regardless, I only recommend products or services I use personally and believe will add value to my readers. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”

Please note: I reserve the right to delete comments that are snarky, offensive, or off-topic. If in doubt, read My Comments Policy.

Older Comments

  • Pingback: How to Use Evernote as a Blogger

  • http://twitter.com/sylumer Thought Asylum

    In case anyone wants to dig a bit more into securing Evernote, why not take a look at my Securing Evernote post (Aug 2010)?
    http://www.thoughtasylum.com/blog/2010/8/10/securing-evernote.html

  • Pingback: Evernote vs. Bookmarking and Some Evernote Tips « The Art & Business of Filmmaking & Photography

  • Pingback: From Yojimbo to Evernote to Yojimbo to … (Mac)

  • http://www.johnmichaellane.com John Lane

    Do you find that you ever go above the 1gb monthly limit?

    • http://michaelhyatt.com Michael Hyatt

      Not so far. I haven’t even gotten close.

  • http://www.jeffrandleman.com Jeff Randleman

    Thanks for this information.  You’ve answered several questions I had concerning the security of Evernote and my more sensitive information. 

    I’m looking forward to getting meore than a couple thousand documents into Evernote, and seeing how it functions under the weight of all my stuff.  So far, most of my resources filing cabinets have been scanned.  It’s great having everything at my fingertips instead of in a cumbersome metal cabinet.

    Next step, bills and receipts…

    Thanks!

  • Fritz

    One questions – If Evernote goes out of business, how can someone retrieve the content from the local database?  Do you need the evernote application to view the content stored in the evernote database?

    • http://michaelhyatt.com Michael Hyatt

      You would still have your local Evernote client software.

  • John

    I am trying to decide whether to user EVERNOTE or DROPBOX. My only concern with Evernote is I can’t seem to find any information as far as basic security of data on their servers (the cloud). I know I can MANUALLY encrypt / decrypt  with Evernote but Dropbox states their Data Security policy right up front (and I have no affiliation with either company): 

    Dropbox uses modern encryption methods to both transfer and store your data.Secure Sockets Layer (SSL) and AES-256 bit encryption
    Dropbox website and client software have been hardened against attacks from hackers
    Public files are only viewable by people who have a link to the file(s). Public folders are not browsable or searchableDropbox uses Amazon’s Simple Storage Service (S3) for storage, which has a robust security policy of its own. You can find more information on Amazon’s data security from the S3 site or, read more about how Dropbox and Amazon securely stores data.ANY FEEDBACK REGARDING “DATA STORAGE SECURITY” WOULD BE WELCOME. IT SEEMS THAT DROPBOX IS PROVIDING FEWER STEPS THAT A USER NEEDS TO TAKE TO “SECURE” THEIR DATA. I WANT TO PUT ALL MY PERSONAL AND SENSITIVE INFO INTO THE PROGRAM I CHOOSE AND I HAVEN’T SEEN A POLICY STATED SUCH AS ABOVE FROM EVERNOTE.THANKS,

  • http://pulse.yahoo.com/_PQAFL7IPGECSIQNVBNPVFG6UFU Charles Gambrell

    I created an Evernote account over a year ago when my son told me about it but had not used it for anything.  Since I read your blog entries I have started using it and so far have been pleased.  Thanks for your reports on it and please continue to share your insights and suggestions.

    • http://michaelhyatt.com Michael Hyatt

      You are welcome, Charles.

  • Brett

    Hi,
    I have been using Evernote since its early days and I’m still a premium user.  However, just a word of caution.  I’ve lost notes and attachments with Evernote in the past.  You need to be very careful about backing your data up to your harddrive or to something like Dropbox (Dropbox is my number one tool now).

    The whole online security issue of my  documents in Evernote has never been a concern of mine.  My issue has been with losing important documents and this has happened to me a number of times.  There are some reports out there of this happening to others as well.  I can understand why Evernote won’t acknowledge this happening because it goes to the core of that they do, but it is an issue and don’t be surprised if your documents go missing from time to time. 

    Sorry for the dampener on what really is a great concept and execution of useful software, but it now scares the hell out me to attach an important document or note in Evernote.

    Regards
    Brett

    • http://michaelhyatt.com Michael Hyatt

      Interesting. This has never happened to me. What kind of hardware and OS are you using?

  • Pingback: A Better Filing System for Public Speakers (and Writers)

  • Mpena518

    Hi, 
    Michael i have a question? 
    I inspect about 30 restaurants for a franchise and i was thinking of using evernotes to store the information of these inspections (including pictures) can this information be seen by others? is it really secure? 

    • http://michaelhyatt.com Michael Hyatt

      I don’t have anything to offer that I didn’t already say in the post.

  • Pingback: 7 Evernote Resources You May Not Know About

  • Pingback: How to Get Your Kindle Highlights into Evernote

  • http://twitter.com/mymadakaja Tami

    Do you pay for evernote or use the free version?

    • http://michaelhyatt.com Michael Hyatt

      I use the Premium (i.e., paid) version. Mainly so I can save more file types to it.

      • Rockguy29

        me too iam premium. I like that get all the features and plus I use it a lot. I have about 2300 notes I have been using it for a little over a year and have 2370 notes and a tshirt too

  • Pingback: How to Scan Documents Directly into Evernote

  • Pingback: How to Get Your Stuff into Evernote

  • Pingback: How to Email Your Documents Directly to Evernote

  • Pingback: Using a Traditional Paper Notebook with Evernote

  • John Mayson

    I met some of the Evernote crew here in Austin a couple of weeks ago.  Nice guys.  Everything you said is true.  I have been moving a lot of data about trying to find what data fits best where.  I’ve never had a problem getting my data back out of Evernote.

    From time to time I try out other note taking solutions.  I’ve yet to find anything as versitile as Evernote.

  • http://www.facebook.com/cdaters Craig Daters

    In your article above you mention that you don’t have a PC (does that mean you’re on a Mac?) TrueCrypt is available on the Mac platform as well and works just as it does on the PC.

    • http://michaelhyatt.com Michael Hyatt

      Yes, I am on a Mac. I have been using TrueCrypt for a while now. It works great.

  • Jimmy H

    Great information thank you.  I like the idea of being 100% paperless and backed up.  Still my only aversion has been storing personal sensitive information.  Will look into TrueCrypt in addition to the peace of mind you have shared. Thanks !

  • Lars

    Thanks for the great article. One thing stays open for me. Is the Mac client syncing with the Evernote-servers via a secure connection or simply via port 80?

    • http://michaelhyatt.com Michael Hyatt

      Honestly, I am not sure. You might try posting this question on the Evernote User Forum.

  • Patrick Pete

    I agree with your assertions about Evernote’s business model as a basis for it’s security.  I am a IT security professional and by default I tend to be skeptical with respect to cloud related privacy, just because of the inherent nature of humans to err, whether it is intentional or not.  But in the same way Google’s business lives and dies on the basis of users belief that Google provides the best possible search results, Evernote depends on users to have confidence that when they use Evernote’s cloud functionality their data is safe from inquiring eyes.  Without it, their business would be finished.

    Nothing is guaranteed, but when you do a cost-benefit analysis, the benefit that Evernote gives you far outweighs the probability that your privacy or data will be usurped. 

  • NoTrusty

    When trying to upgrade to the latest version, Windows squawks about the Evernote installer download being from an unknown publisher.

    Seriously?  Has my computer been hacked so that someone intercepted my download and substituted it with their own, or is Evernote so cheap as to not opt for a secure installation file?

    • http://michaelhyatt.com Michael Hyatt

      You might try posting in the Evernote User Forum for Windows. I’m afraid I don’t have any experience with that version.

  • No One Knows

    You can see the author is not a security professional as database encryption issue is not mentioned. Evernote does not encrypt user databases in the server-side, so if server security is ever breached, it’s all in the clear. Just setting the record straight. 

  • essentiae

    Be sure to backup important attachments outside of Evernote as well… I’ve lost very important attachments when they became corrupt (without any changes to the notes, other than perhaps renaming the folder they were in). Evernote support has been no help in recovering them and b/c the notes were never changed after they were uploaded, there is no “previous version” to restore… Buyer beware.

  • Jaye

    Read this article which states the only security is user name a and password – nothing special. http://antivirus.about.com/od/securitytips/a/evernotetip.htm

  • Pingback: great article on your data in the Evernote cloud. (also stored local) excerpt from michaelhyatt.com:   Evernote is a successful, financially-solid company. Currently, the company has over six million users and more than 200,000 Premium (paid) users. I

  • Pingback: The Dangers of Evernote « Berin Kinsman's Dire Blog

  • Pingback: great article on your data in the Evernote cloud. (also stored local) excerpt from michaelhyatt.com:   Evernote is a successful, financially-solid company. Currently, the company has over six million users and more than 200,000 Premium (paid) users. I

  • http://www.facebook.com/beverlymonical Beverly McGregor Monical

    This is very interesting Angus. I will check it out. Thanks for sharing with me.

  • Pingback: Evernote Review (Part 1) « ngnrdgrl

  • Pingback: How to Organize Evernote for Maximum Efficiency | Michael Hyatt

  • Pingback: Meeting minutes made easy with Evernote for iPad | Active Leadership Development

  • Nico

    Right clicking on a word or number you want to encrypt does not work on the free version (unless I’m doing something wrong).

  • Jeff H

    Hi Michael,
    Wanted to make you aware that the most recent update to the Mac Evernote application (version 3.3.0) has changed the location of the EN database mentioned in the guide that you shared. 

    Instead of the using the folder  ~/Library/Application Support/Evernote, it is now located at ~/Library/CoreData/com.evernote.Evernote. 

    The steps remain the same except to use this new com.evernote.Evernote location instead.

    • http://michaelhyatt.com/ Michael Hyatt

      Thanks for letting me know, Jeff.

  • http://pulse.yahoo.com/_ZBX4HBEWNXPI2RGOW7TT43Q27U Michael

    Recent update bugs have wiped out notebooks. I don’t care how safe and successful Evernote may be, it only takes a bug to loose everything and lately Evernote’s been very lazy in the QA department.

    • http://michaelhyatt.com/ Michael Hyatt

      Interesting. I haven’t had any issues. Are you sure it’s Evernote?

    • http://twitter.com/Sajoba Sally Jo Eberhart

      With the latest update to Evernote, I lost the ability to scan. By reinstalling an older version, and then updating via Evernote and not the App store, I was able to restore the scanning function. I did however “lose” my local notebooks. I keep hearing about backing up your Evernote files locally but am not sure where I am looking exactly. I did have most of them on my old computer and have PDF copies of all so it is mostly an annoyance but want to prevent such from happening again. I do love Evernote but want to make sure I am backing up my local only files.

  • Mike

    A very good question has been posed, but not answered.  “Do Evernote employees have access to my data”?  A more technical version of this question is, “Is my data stored in an encrypted state, and if so how are the encryption keys managed”?  I have been trying to find an answer to this question with no success – not even from Evernote.

    • http://michaelhyatt.com/ Michael Hyatt

      Honestly, I can’t answer it either. Have you left a message on the Evernote Support Forum?

  • Pingback: Organise recipes with Evernote | frugalandthriving.com.au

  • MichaelFreidgeim

    Does Evernote uses httpS ( secure http, AKA SSL) protocol to transfer data between servers and clients?
    If not, content potentially can be sniffed by hackers.

  • MichaelFreidgeim
  • Kim

    I realize I’m late to the party on this thread but in reading the entire post and comments I believe there is one topic that has not been addressed that should be for those who come along later (than even I!).

    With the wonderful cloud data storage model we have to also discuss the increasing (quickly becoming universal) mobile access clients. EverNote provides a beautiful client for mobile devices but this creates a security problem for privacy data. The attachments lay open to exploit on the sdcard of the device. I discovered this in the process of moving my personal records to EN.

    So, while we can comfort folks by with the positives EN offers, I think we should also make sure they realize the actual risk of using EN mobile because the odds are they are going to to so on an iPhone or Android device. For those that say privacy documents are at risk in a paper file, this is true. But there is a big difference between someone snagging my sdcard having all the time in the world to go through my documents versus them sitting in my office and rifling filing cabinets for hours or attempting to remove all my documents to an offsite location for review (picture fork lifts and trucks in my driveway).

    The fact is that the same technology that makes EN (and like products) so alluring to us organizers also makes it alluring to identity thieves – it is easy to access and search data on mobile devices. Anyone have encryption options for Android to offer for use in protecting EN notes locally?

    • Kim

      Immediately after posting this I discovered that newer handsets like the Samsung G3 have sdcard encryption as an option. So, this is acceptable way to address the risks of concern to me for mobile device exposure. Dunder Mifflin beware! I’m going paperless! :)

      • http://michaelhyatt.com/ Michael Hyatt

        Okay. Cool. Thanks for letting us know.

  • aguy

    what about when evernote decides to upgrade and change its policies to sell on your collected data like facebook has.

    • http://michaelhyatt.com/ Michael Hyatt

      If you are really concerned about that, then just store your notes locally and don’t sync to the cloud.

  • jc

    “Do Evernote employees have access to my sensitive data? What if there’s a security breach?” was never answered in this article with respect to the “cloud”.  With such other accolades for Evernote, the answer to this  surely wasn’t something that was accidentally left out.  I get it, you write for a living. Is there an answer to the question, though?

    • http://michaelhyatt.com/ Michael Hyatt

      I don’t know. (How would I know? I don’t work for Evernote.)

      Does the bank have access to your account files? Do administrative and medical personal have access to your health records? Does the waitress have access to your credit card when she disappears in the back of the restaurant for five or ten minutes?
      If you want to worry about this, there is a lot to worry about! (I wrote a book on this issue in 2001, so I am aware of the problem.)

  • Pingback: Strumenti utili ma non (necessariamente) fotografici | Nicola Focci photography

  • Pingback: Technology I Use – Part 1 :: Brian Gatley

Older Comments