Notes is a privacy-friendly app. TL;DR: it does not upload your data anywhere without your consent. Continue reading for details.
Your data stays with you
Your data belongs to you. Notes does not upload the data you enter into the app anywhere, unless you enable cloud synchronisation or cloud backups. The only data collected is some basic analytics and crash/error information, as detailed in the Data Safety Overview in the Play Store and privacy policies below.
Optional cloud synchronisation/backups
The ability to use cloud synchronisation is fully optional and disabled by default. If you do not use it, it is important to keep a proper backup of your data, because if you lose your phone you will lose your data if you have no backup or synchronisation.
• End-To-End Encryption (E2EE)
When using the optional cloud functionality, you can enable End-To-End Encryption. This prevents any cloud services from reading your data, because it’s encrypted with a key that’s protected with a password only you have. For more information about E2EE in general: Wikipedia: End-To-End Encryption. For more information about the implementation in Notes: https://www.notesforandroid.com/security/.
• Your own cloud
Starting from version 10, Notes supports using your own, self-hosted cloud! See the announcement: Notes 10.0 offers WebDAV support.