Can Apple read my notes?

Whether Apple can read your Apple Notes depends on three orthogonal settings: where the note is stored, whether it's locked, and whether you've turned on Advanced Data Protection. Most users have at least one of the three lined up against them.

## The four storage modes for Apple Notes

• On My iPhone (local-only). Notes never leave the device. Apple has zero access. To enable: Settings → Notes → toggle "On My iPhone" account on, then move notes to that account.
• iCloud Notes without Advanced Data Protection. Notes encrypted in transit (TLS) and at rest (AES-256) but Apple holds the key. Per Apple's <a href="https://support.apple.com/guide/security/cloudkit-end-to-end-encryption-sec3cac31735/web">CloudKit security guide</a>, this is the default for accounts created before iOS 16.2.
• iCloud Notes with Advanced Data Protection on. End-to-end encrypted. Apple does not hold the key. ADP launched December 2022 in iOS 16.2.
• Locked notes (any storage mode). Encrypted with a user-supplied password derived via PBKDF2. Apple cannot decrypt locked notes even with iCloud key access.

## The four ways Apple cannot read your notes

• Locked notes. Apple's <a href="https://support.apple.com/en-us/HT205794">Notes security documentation</a> confirms the password is never transmitted to Apple and locked-note encryption keys derive only from the user's password.
• ADP-enabled iCloud notes. Apple deleted the iCloud key for these notes when ADP was enabled.
• On My iPhone notes. Never uploaded.
• Notes in third-party Notes-syncing accounts (Gmail, Exchange). Apple never sees these.

## The one scenario where Apple technically could

iCloud Notes without ADP and without lock-on-each-note: Apple holds the AES-256 key, the notes are encrypted at rest, and a US law enforcement warrant compelling Apple to produce the notes would succeed. Apple's 2024 transparency report disclosed 14,832 device requests and 80% compliance. Apple's <a href="https://www.apple.com/privacy/features/">privacy features page</a> reiterates that Apple's business model does not depend on reading your content, but legal compulsion is separate from business practice.

## What about Apple Intelligence reading my notes?

Apple Intelligence launched October 2024 with iOS 18.1. The personalized features (smart replies, summarization, Writing Tools) process notes on-device using a 3-billion-parameter language model. Per <a href="https://machinelearning.apple.com/research/introducing-apple-foundation-models">Apple's Foundation Models research blog</a>, "we never use our users' private personal data or user interactions when training our foundation models." On-device processing means the notes never leave your iPhone for the local LLM features. The optional Private Cloud Compute path documented at <a href="https://security.apple.com/blog/private-cloud-compute/">security.apple.com/blog/private-cloud-compute</a> uses verifiable hardware where "personal user data sent to PCC isn't accessible to anyone other than the user — not even to Apple."

## The lock-everything threat model

If your threat model includes Apple-as-adversary (rare; relevant for journalists, activists, attorneys with sensitive client work), the recommended configuration:

• Turn on Advanced Data Protection. Settings → Apple Account → iCloud → Advanced Data Protection.
• Lock every sensitive note with a strong password. Notes → swipe left on note → Lock.
• Enable a strong device passcode (alphanumeric, not 6-digit). Settings → Face ID & Passcode → Change Passcode → Custom Alphanumeric Code.
• Two-factor authentication on Apple ID (now mandatory for new accounts).

## Bottom line

For everyday users, Apple does not read your notes — not as a business practice, and the encryption stack makes "Apple snooping for ads" architecturally impossible. For users with legal-compulsion threats, ADP + lock + strong passcode + 2FA closes the remaining gaps.