Choose up to 4 apps for comparison (4 apps currently selected):
What measures are taken to ensure customer data remains private, even to employees of the companies themselves? | ||||
---|---|---|---|---|
CapacitiesFull Details | ClickUpFull Details | HeptabaseFull Details | WorkflowyFull Details | |
Explicit security policy An explicit policy describes how security is implemented, and what access employees have to data. | ||||
Password-protect notes A note or block can have a password applied to hide it | ||||
Encrypted at rest/server-side encryption Documented claim that all note data is encrypted at rest, on the server | ||||
Client-side encryption » Client-side encryption enabled by default for all notesThe entire account's worth of notes, not just individual notes, can be encrypted before leaving the user's device such that the decryption key is not shared with the note app provider | ||||
2FA available Can enable two-factor authentication from within the app (not only via third parties) to protect account access | ||||
Client-side encryption Note data can be encrypted before leaving the user's device such that the decryption key is not shared with the note app provider (sometimes referred to as "end-to-end encryption") | ||||
Explicit security policy » Database access insufficient to decrypt secure note contentNote content can be created such that even a user who gained access to the note app's cloud database (employee or intruder) couldn't decrypt content (i.e., they couldn't obtain a usable decryption key even if possessing the database contents) | ||||
Explicit security policy » Policy that employees will not read note contentA documented claim exists that note content will not be accessed by employees | ||||
Encrypted at rest/server-side encryption » Attachments encrypted at restDocumented claim that all note data and their attachments are encrypted on the server | ||||
Local-only/unsynchronized notes Notes can exist purely on the local file system of the device, without syncing | ||||
Anonymous login App can be used without providing any personal information (including email) | ||||
Client-side encryption » Attachments encrypted client-sideAttachments included with note data are encrypted before leaving the user's device such that the decryption key is not shared with the note app provider | ||||
Self-hosting A private web server can be used to sync note content across devices |