🔒 AES Encrypted
🐳 Docker Ready
~90 MB Image
📱 PWA Installable
🔄 Version History
🛡️ Argon2id Hashing
🌙 Dark & Light Mode
📂 Unlimited Folders
Open Source & Self-Hosted

NOTESME.

Your notes. Your server. Your rules.
A lightweight, encrypted note-taking app that deploys in one command. Zero tracking. Zero cloud dependency. Total control.

[Screenshot: NotesMe application interface showing folder navigation, note list with previews, and rich text WYSIWYG editor with images and formatting]

~90 MB Docker image · 0 JS frameworks · 1 cmd to deploy · 100% self-hosted

Up and running
in 60 seconds.

No complex setup. No configuration headaches. Just your notes, on your server.

01

Pull the image

One single Docker image. That's all you need. Run docker pull ghcr.io/stban1983/notesme:latest and you're halfway there.

02

Configure your .env

Set your username, password, and optionally generate an encryption key for AES note encryption. That's 3 environment variables — done.

03

Launch & write

Run docker compose up -d and open your browser. Your private, encrypted note-taking app is live. Install it as a PWA on your phone for native-app feel.

Everything you need.
Nothing you don't.

Built for people who want a clean, fast, and private note-taking experience without the bloat.

AES Encryption at Rest

Notes are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) before hitting the database. Without your key, data is unreadable.

Rich WYSIWYG Editor

Bold, italic, headings, code blocks, checklists, drag & drop images — a full editor with zero framework overhead.

Version History

Automatic snapshots every 5 minutes, up to 50 versions per note. Roll back to any point in time with a single click.

Unlimited Folders

Nest folders and subfolders however you like. Pin important notes, soft-delete to trash with auto-purge, and export to .txt or .html.

PWA & Offline

Installable as a native app on any device. Works offline in read-only mode. Share content from other apps directly into NotesMe.

Multi-User Ready

Admin panel with full user management. Each user gets complete data isolation — notes, folders, and trash are totally private.

Your data stays
your data.

We built NotesMe with a security-first mindset. No shortcuts, no excuses.

Argon2id Password Hashing

OWASP 2024 recommended algorithm. Brute-force resistant by design.

XSS Protection (Dual Layer)

DOMPurify on the frontend, html.escape() on the server. Both layers, always.

In-Memory Search

Decrypted content never touches the disk. Full-text search runs entirely in memory.

Rate Limiting & Path Traversal Guards

Brute-force protection on login. SVG uploads banned. All file paths validated.

notesme — security audit
$ notesme --check security

[audit] Checking password hashing... ✓ Argon2id
[audit] Checking encryption........... ✓ Fernet AES-128-CBC
[audit] Checking XSS protection...... ✓ DOMPurify + server-side
[audit] Checking rate limiter......... ✓ 5 attempts / 15 min
[audit] Checking file uploads......... ✓ SVG banned, MIME enforced
[audit] Checking path traversal....... ✓ basename + realpath

▸ All checks passed. Your notes are safe.
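
The "basename + realpath" and "SVG banned, MIME enforced" checks named above can be combined in a single upload guard. The following is an added example, not NotesMe's own code; the function name, the extension allow-list and the magic-byte check standing in for MIME enforcement are assumptions.

```python
import os
import tempfile

# Assumed allow-list (not from NotesMe): extension -> leading magic bytes.
# SVG is absent on purpose, since it can carry script.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


class UploadRejected(ValueError):
    """Raised when an upload name or its content fails validation."""


def safe_upload_path(client_name: str, head: bytes, root: str) -> str:
    """Return the absolute path to store an upload at, or raise UploadRejected."""
    # basename: drop every directory component the client supplied.
    # Backslashes are normalised first so "..\\..\\x" is handled on POSIX too.
    name = os.path.basename(client_name.replace("\\", "/"))
    if name in {"", ".", ".."} or "\x00" in name:
        raise UploadRejected("invalid file name")
    magic = ALLOWED.get(os.path.splitext(name)[1].lower())
    if magic is None:
        raise UploadRejected("file type not allowed")
    # Stand-in for MIME enforcement: the first bytes must match the extension.
    if not head.startswith(magic):
        raise UploadRejected("content does not match extension")
    # realpath: resolve symlinks, then require the result to stay under root.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise UploadRejected("path escapes upload directory")
    return candidate


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed upload directory
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # constructed file header
    for name, head in [("../../etc/evil.png", png), ("logo.svg", b"<svg"),
                       ("logo.png", b"<svg")]:
        try:
            print(name, "->", safe_upload_path(name, head, root))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

The realpath step matters even after basename: a symlink already sitting inside the upload directory would otherwise redirect a write outside it.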

Lightweight. No bloat.

Python 3.12
FastAPI
SQLite (WAL)
Vanilla JS
Docker
Fernet / AES
Argon2

Take back control of
your notes.

Open source, MIT licensed, forever free. Deploy on your NAS, your VPS, or your Raspberry Pi. It's yours.

MIT License · No telemetry · No vendor lock-in

🎉 Try it right now

The demo resets every hour. Play around, break things, explore freely.

User: demo
Password: notesme