For our cloud servers and databases, we use Amazon Web Services.
We do not use analytics across our web, desktop, and mobile applications. For our website, we use a self-hosted, privacy-respecting analytics software called Plausible.
For server-side error reporting and monitoring, we use New Relic. We do not collect or store IP addresses as part of our New Relic configuration.
For Windows application code signing, we use a Digicert Extended Validation Certificate. For macOS code signing, we use a verified Apple Developer account. Code signing ensures that the application you download and run has not been modified or tampered with, and does not deviate from the code we produce and ship on our end.
For general email inquiries to firstname.lastname@example.org, we use Google Workspace. For encrypted support to email@example.com, we use Protonmail. Apart from optional Google Drive integration, this marks the only integration point we have with Google. We do not use Google Analytics anywhere in our ecosystem, nor do we use Google's reCAPTCHA for spam control.
This summarizes the list of external services we use in our daily operation.
When it comes to protecting your sensitive, actual data, we're proud to rely on no other entity than the laws of mathematics and cryptography. Your notes are always encrypted with a secure key that no one has besides you, and this key never leaves your computer or touches a cloud. Simply put: you are the only person that can read your private notes.