As we have seen in the last few years, even some of the most robustly secured cloud services are vulnerable when hacking occurs. This is not to excuse Evernote's current state of security, which is not terribly different than a lot of mainstream cloud providers, and could be improved. Rather what I am saying is that ANY cloud is vulnerable when hacking occurs. In most cases, even highly secured cloud storage services will be compromised, it just takes longer. EDIT (OOPS this time I really did get my posts mixed up!) Keep in mind that data mining and being hacked are two very different types of events. You (and others in this thread) might also be interested in this blog post from several years ago: Evernote's three laws of data protection The three laws of data protection is a great post, I'm not sure if the comment about not knowing or asking for our passwords bring us to a state of "zero knowledge", but it helps bring a bit more comfort. EverNote is not HIPPA compliant, and as you stated, may never be. Clouds are all vulnerable, but when proper security protocols are in place it can be deemed safe, there are plenty of HIPPA compliant SaaS (Cloud) offerings. Hospitals and other medical operators use them, so having a roadmap or strategy to get there would be nice. When organizations look at their tens of thousands of pages (if not hundreds of thousands or even millions), having a premium service like EverNote there to help with cloud storage and indexing would be fantastic. If it is technical hurdle to allow for "zero knowledge" and still provide indexing, that shouldn't be a hurdle that the brilliant minds at EverNote can't figure out. I have faith, there will be a service like this in the near future.