Owner: TMox
December 21, 2016
The site uses SSL. This secures your connection to the server, and data flowing over the Internet is as safe from interception and theft as anything using SSL. You may choose to add another layer of encryption, where your data is encrypted in the browser and sent to the server (and stored in the database) that way. In this case, the clear-text version of your information never exists anywhere except on your machine. Were the database hacked, or if someone stole the database machine and looked through it for your information, all they'd find would be encrypted data.
When encrypting on the client, you enter a pass phase, which never leaves your machine. It's stored in local storage in the browser so you don't have to reenter it each time, but it is cleared when your session ends--when you close the tab or your browser. As nobody ever sees your pass phrase, nobody can ever help you if you lose/forget it. You can employ as many pass phrases as you want (for different sites or pieces of data), but you'll have to keep track of all that yourself. Personally, it'd suggest using only one pass phrase for everything.
Sites, or parts of sites, may be encrypted. Encryption options are: none, mixed, and all. None and all trigger a process whereby all the items involved get pulled to the client from the server and encrypted/decrypted, then sent back and stored. This could take time and bandwidth for a large number of notes. Mixed allows you to encrypt or decrypt individual notes by checking the "Encrypted" checkbox and saving.
To set the encryption option for an entire site, edit the Site Definition. This encryption setting is automatically inherited by everything in the site. To change encryption settings for individual containers (Topics), edit the Topic's encryption option and choose to pass this option on to children or not. In mixed mode, encrypt or decrypt individual notes using the Encrypted checkbox.
The Encryption Page will show you which of your sites have encrypted notes.
Be aware that nobody can see encrypted material without the passphrase. Obviously, you would never want to encrypt a public site.
Also be aware that the encryption process roughly doubles the quantity of data, so more is sent over the wire, and loading is a little slower. The encryption/decryption occurs in your browser, so only you can judge the performance hit from the encryption/decryption routines.
Another point about client-side encryption: Search can't look through encrypted data.