ClemPera/Nooto

Nooto

Private notes. Yours alone.

License: AGPL v3 Beta


Beta software: Nooto is functional but still in active development. Expect rough edges.
Security notice: The encryption design has not been audited by an independent security expert. Use at your own discretion.


Overview

Nooto is a note-taking app that keeps your notes private. Everything is encrypted on your device before it ever leaves it, using strong AES-256-GCM encryption. Nobody but you can read your notes, not even us.

Sync is built in and works out of the box. It is optional and cross-device. If you want to go further, you can run your own server and keep full control over where your data is stored.

At a glance:

  • Notes are encrypted on your device before sync, so no one else can read them
  • Works fully offline, no account needed
  • Sync across your devices using the built-in public server or your own
  • Open source and auditable
  • Available on Linux, macOS, Windows and Android

What does the server actually store?

Every note, including its title and content, is encrypted before leaving your device. Here is what our server holds for a given note:

uuid:     01938f2a-4b7c-7e1d-a2f3-9c8b1d2e3f4a
content:  8f3a2c1bfe92d4a7c3b1e8f209d4a3c7...  (ciphertext)
metadata: 2d1a8b3c4e5f7a9b2c1d8e3f4a5b6c7d...  (ciphertext)

No readable title, no readable content, no plaintext of any kind.

Encryption

Notes are encrypted with AES-256-GCM, which is considered quantum-resistant. Encryption keys are derived locally from your credentials via Argon2id and never leave your device.
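
The flow described above (derive a key locally, encrypt each field, upload only ciphertext), as an added example that is not Nooto's code. Assumptions: Node's built-in scrypt stands in for Argon2id, and the blob layout, the associated data and all function names are hypothetical.

```javascript
// Added illustration, not Nooto's code. Assumed here: the blob layout
// (nonce || ciphertext || tag), the associated data, and all function names.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key on the device. Node's built-in scrypt stands in for
// Argon2id; the password and the derived key are never uploaded.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// AES-256-GCM with a fresh random 96-bit nonce; returns hex(nonce || ct || tag).
function sealField(key, aad, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(aad)); // binds the blob to one note and one field
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]).toString('hex');
}

// Reverse of sealField; throws if the blob, the associated data or the key differ.
function openField(key, aad, hexBlob) {
  const blob = Buffer.from(hexBlob, 'hex');
  if (blob.length < 28) throw new Error('blob too short'); // 12 nonce + 16 tag
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  const ct = blob.subarray(12, blob.length - 16);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// The record a client would upload: the uuid plus two opaque blobs.
function buildServerRecord(key, uuid, title, body) {
  return {
    uuid,
    content: sealField(key, `${uuid}/content`, body),
    metadata: sealField(key, `${uuid}/metadata`, JSON.stringify({ title })),
  };
}

// Constructed sample input (salt, password and note text are made up).
const salt = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
const key = deriveKey('correct horse battery staple', salt);
const record = buildServerRecord(key, '01938f2a-4b7c-7e1d-a2f3-9c8b1d2e3f4a', 'Groceries', 'eggs, milk');
console.log(record);
```

Because the GCM tag covers the associated data, a server that altered a blob or swapped the content and metadata fields of a record would cause decryption to fail on the client rather than return wrong text.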



Installation

Pre-built releases

Download the latest installer for your platform from the Releases page.

Platform            Format
Linux x86_64        .deb, .rpm, .AppImage
Linux aarch64       .deb, .rpm, .AppImage
macOS (universal)   .dmg
Windows x86_64      .msi, .exe
Android             .apk

Build from source

Prerequisites:

Desktop:

cd client
npm install
npm run tauri build

Android:

cd client
npm install
npm run tauri android build -- --apk

Sync

Nooto includes a public server already configured in the app. You can start syncing across devices without any setup by creating an account on the welcome screen.

If you prefer to host your own server, see the section below.

Self-hosting

1. Configure environment

cp .env.example .env

Edit .env with your own passwords:

MARIADB_ROOT_PASSWORD=a_strong_root_password
MARIADB_DATABASE=nooto
MARIADB_USER=nooto
MARIADB_PASSWORD=a_strong_password

# Port exposed on the host (default: 3000)
SERVER_PORT=3000

2. Start the stack

Using the pre-built image from Docker Hub:

docker compose up -d

This pulls clempera8/nooto-server and starts it alongside a MariaDB instance. Migrations run automatically on startup.

To build the image locally instead:

docker compose up -d --build

Without Docker:

cargo build --release -p nooto-server
export DATABASE_URL=mysql://nooto:password@localhost:3306/nooto
./target/release/nooto-server

3. Connect the client

When creating an account or logging in, open Advanced settings and enter your server URL.


Project structure

Nooto/
├── client/             # Tauri desktop and Android app
│   ├── src/            # React/TypeScript frontend
│   └── src-tauri/      # Rust Tauri backend (local DB, crypto, sync)
├── server/             # Axum HTTP sync server
├── shared/             # Shared Rust types (serialization)
└── docker-compose.yml

Contributing

Contributions are welcome! Open an issue before starting significant work so we can align on direction.

If you find a security issue, please do not open a public issue; contact me directly.


License

AGPL-3.0

About

A cross-platform, privacy-focused note-taking application with end-to-end encryption and self-hostable sync capabilities. The application prioritizes local-first architecture with optional cloud synchronization, enabling users to maintain full control over their data.
