I've been using Evernote for years now and have many thousands of notes stored in the Evernote ecosystem. Evernote is my go-to application for storing all sorts of things from short notes to scanned documents and images and pretty much everything that comes in a digital format or that can be converted into one. Basically my life has been scanned and much of the paper I previously had has made it's final journey to the shredder.

I've always felt that Evernote was pretty secure but from time to time I have had niggling concerns that even though my Evernote data is stored encrypted on Google's servers I am not actually in control of my own encryption keys, Google is. In theory at least it is therefore possible for my material to be accessed by someone other than myself. In fact the plain text versions of my data MUST be accessible at least at some point in order for the data in my Evernote account to be indexed to allow word searching of my Evernote account to take place.

All this got me thinking and I decided that I would feel happier if I did not depend completely on Evernote to retain my privacy but took some additional steps myself. These thoughts coincided with my selecting Tresorit as my preferred cloud storage provider, my primary reason for selecting Tresorit is that it offers true end-to-end zero knowledge encryption. I, and I alone, am in control of the encryption of my data and the passwords used to perform that encryption. The price I pay for this is that if I lose the keys that's my problem and my data is lost and I am fine with this.

Thinking through the contents of my Evernote account it really falls into two categories:

Category 1 - Data that I would be extremely unhappy if it found it's way into the public domain but which needs to be stored securely and safe from natural disasters. This might include some financial information, health information, scans of important legal documents, personal letters, these kinds of things.

Category 2 - Pretty much everything else. This might include lots of file notes, non-critical records of events, information relating to hobbies, old receipts, newspaper clips and sundry other items retained in digital form where the original papers have long since been shredded. These are items I have kept that I don't want to lose but if they appeared on a website somewhere I could live with it!

It seems to me that the number of items that would be identified as Category 1 items are pretty few and far between and they can easily be identified. More importantly the items falling into Category 1 are actually very infrequently accessed and when they are required the need is never urgent. I have therefore decided upon the following strategy.

All Category 1 items are gathered together and using the export feature built into Evernote these notes are exported to create a single *.enex archive file which preserves all the notes, attachments, links and tags relating to each individual note. All the Category 1 notes are then deleted from my Evernote account, this removes any possibility of these notes being accessed.

Having obtained this single *.enex archive file containing all the sensitive information Tresorit comes into it's own. This file is then uploaded to the Tresorit cloud storage system, it is encrypted before leaving my own system and remains encrypted on the Tresorit servers (AES-256 Encryption) where it cannot be accessed by anyone, only I have the keys. If I need the information within these Category 1 notes it is simplicity itself to download the *.enex file from Tresorit and import the notes into Evernote where they then appear in their original format.

Using this approach I retain the convenience of the Evernote system but have the security of knowing that my truly important documentation is protected by the advanced security arrangements offered by the Tresorit service. It is of course also very convenient to export ALL the notes from my Evernote account into a single *.enex archive file and upload that to Tresorit simply as a backup for the whole Evernote system.

This approach also does away with the local storage of any sensitive information on either my local machine or in any local backups, the ONLY records are those residing on the Tresorit servers, which are fully encrypted.