Has Standard Notes completed a third-party security audit?

We've completed four (4) security audits to date by industry-leading security firms, which cover the entirety of our ecosystem. You can review the results below.

  • Server Backend Penetration Test and Security Assessment — 2022

    This audit covered our server applications and services, including syncing, authentication, and files.

    Conducted by Cure53, Berlin.

    View Report
  • Client-side Protocol and Encryption Security Assessment — 2020

    This audit covers the entirety of our shared client-side framework for encrypting and syncing data, and covers our usage of industry-leading algorithms like Argon2 and XChaCha20-Poly1305.

    Conducted by Trail of Bits, New York.

    View Report
  • Full Ecosystem Penetration Test — 2019

    This extensive audit covered the entirety of our ecosystem, both client-side and server-side, with the aim of penetrating the code and executables to achieve unintended effects and discover latent vulnerabilities. We're happy to report that 100% of the issues found were promptly resolved.

    Conducted by Cure53, Berlin.

    View Report
  • Cryptography Design Review — 2017

    This early audit helped ensure our initial client-side encryption and server-side communication systems were built correctly and strongly.

    Conducted by Shackle Labs, United States.

    View Report

Other ways to get help

Browse or post to the forum
Recommended for non-account related issues.
Join the Standard Notes Discord group
Recommended for small talk.
Send an email to [email protected]
Recommended for account related issues.