# Zero-Trust Architecture: What It Means for Your Notes
When we say KetBook has "zero-trust architecture," we mean it literally. Let's break down exactly what that means and why it matters.
## What is Zero-Trust?
Traditional note-taking apps use a trust-based model:
```text
Your Mac → Company's Servers → Company's Database
                    ↑
              You trust this
```
You trust that:
- The company won't read your notes
- Their security is strong enough
- They won't get breached
- They won't change their policies
- They won't analyze your data
KetBook uses a zero-trust model:
```text
Your Mac → Your iCloud Account
                ↑
         No trust needed
```
We literally cannot access your data. There's nothing to trust because there's no access to grant.
## How It Works
### 1. Apple Sign In
When you sign in, we get a token from Apple that proves you are who you say you are. We don't see your Apple ID password. We don't store credentials.
Apple says "this token represents user X" and we believe Apple (not you, not us – Apple).
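As an added example (not KetBook's own code), here is what that flow looks like from a macOS app using Apple's AuthenticationServices framework. The NSWindow used for presentation and the decision to keep only the user identifier are assumptions of this example. The point it shows: the app receives a stable, app-scoped user identifier and a short-lived identity token signed by Apple, never the Apple ID password, and it re-asks Apple on each launch whether that identifier is still authorized.

```swift
// Added example, not KetBook's own code. Uses Apple's AuthenticationServices
// framework; the NSWindow used for presentation is assumed to exist.
import AppKit
import AuthenticationServices

enum SignInError: Error {
    case unexpectedCredentialType
}

final class AppleSignIn: NSObject,
                         ASAuthorizationControllerDelegate,
                         ASAuthorizationControllerPresentationContextProviding {
    private let window: NSWindow
    private let onResult: (Result<String, Error>) -> Void   // delivers the stable user identifier

    init(window: NSWindow, onResult: @escaping (Result<String, Error>) -> Void) {
        self.window = window
        self.onResult = onResult
        super.init()
    }

    /// Start the flow. No scopes are requested: the app needs proof of identity,
    /// not the user's name or e-mail address.
    func start() {
        let request = ASAuthorizationAppleIDProvider().createRequest()
        let controller = ASAuthorizationController(authorizationRequests: [request])
        controller.delegate = self
        controller.presentationContextProvider = self
        controller.performRequests()
    }

    // The OS hands back an Apple ID credential. The Apple ID password never
    // passes through the app; Apple performed the authentication.
    func authorizationController(controller: ASAuthorizationController,
                                 didCompleteWithAuthorization authorization: ASAuthorization) {
        guard let credential = authorization.credential as? ASAuthorizationAppleIDCredential else {
            onResult(.failure(SignInError.unexpectedCredentialType))
            return
        }
        // credential.identityToken is a short-lived JWT signed by Apple: the token
        // that "proves you are who you say you are". credential.user is the stable,
        // app-scoped identifier. Keeping only the identifier means there is no
        // reusable secret on disk for an attacker to steal.
        let tokenBytes = credential.identityToken?.count ?? 0
        NSLog("Apple returned an identity token (%d bytes) for user %@", tokenBytes, credential.user)
        onResult(.success(credential.user))
    }

    func authorizationController(controller: ASAuthorizationController,
                                 didCompleteWithError error: Error) {
        onResult(.failure(error))
    }

    func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
        window
    }

    /// On every launch, ask Apple whether the saved identifier is still authorized.
    /// `.revoked` or `.notFound` means the user withdrew the app's access in
    /// System Settings, so the app must sign out rather than keep assuming identity.
    static func isStillAuthorized(userID: String, completion: @escaping (Bool) -> Void) {
        ASAuthorizationAppleIDProvider().getCredentialState(forUserID: userID) { state, _ in
            completion(state == .authorized)
        }
    }
}
```

The credential-state check is the part practitioners tend to forget: a user can revoke an app's Sign in with Apple access at any time, and an app that only checks once at first sign-in will keep acting on an identity Apple no longer vouches for.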
### 2. CloudKit Private Database
Your structured data (note metadata, tags, folders) lives in CloudKit Private Database.
This is:
- Part of your iCloud account
- Encrypted by Apple
- Accessible only by your Apple ID
- Not visible to us
We can't query it. We can't read it. We can't even see that it exists.
### 3. iCloud Drive
Your note content lives in iCloud Drive.
Same deal:
- Your iCloud account
- Your encryption keys
- Your control
We don't have access. We don't have backdoors. We don't have "emergency access" or "support access" or any other kind of access.
### 4. Client-Side Everything
The KetBook app on your Mac:
- Reads from your iCloud
- Writes to your iCloud
- Searches your local database
- Never sends data to us
Because there is no "us" to send data to. We don't operate servers that process your notes.
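An added example (not KetBook's own code) covering sections 2 through 4 above: writing metadata to the CloudKit private database, writing note content into the app's iCloud Drive container, and searching over data already on the Mac. It assumes the app's entitlements name an iCloud container, that the container's schema has a "Note" record type with "title" and "tags" fields and a queryable recordName index, and that the file layout is "Documents/<note id>.md"; all of those are assumptions of this example, not KetBook's schema.

```swift
// Added example, not KetBook's own code. Record type, field names and the
// file layout are assumptions made for this example.
import CloudKit
import Foundation

enum ICloudStoreError: Error {
    case noICloudAccount(CKAccountStatus)
    case ubiquityContainerUnavailable
}

struct NoteStore {
    // The private database is scoped to the signed-in Apple ID. The developer's
    // CloudKit credentials cannot read it; only the user's own devices can.
    private let container = CKContainer.default()

    /// Refuse to do anything unless the user is signed in to iCloud on this Mac.
    func ensureAccountAvailable() async throws {
        let status = try await container.accountStatus()
        guard status == .available else { throw ICloudStoreError.noICloudAccount(status) }
    }

    /// Save note metadata (title, tags) as a record in the user's private database.
    func saveMetadata(noteID: String, title: String, tags: [String]) async throws -> CKRecord {
        let record = CKRecord(recordType: "Note", recordID: CKRecord.ID(recordName: noteID))
        record["title"] = title as CKRecordValue
        record["tags"] = tags as CKRecordValue
        return try await container.privateCloudDatabase.save(record)
    }

    /// Pull all note metadata from the private database. Fetching everything and
    /// filtering locally keeps search on the Mac rather than on any server.
    func fetchAllMetadata() async throws -> [CKRecord] {
        let query = CKQuery(recordType: "Note", predicate: NSPredicate(value: true))
        let (matches, _) = try await container.privateCloudDatabase.records(matching: query)
        return matches.compactMap { try? $0.1.get() }
    }

    /// Client-side search: runs entirely over records already on the device.
    func search(records: [CKRecord], term: String) -> [CKRecord] {
        let needle = term.lowercased()
        return records.filter { record in
            let title = (record["title"] as? String ?? "").lowercased()
            let tags = record["tags"] as? [String] ?? []
            return title.contains(needle) || tags.contains { $0.lowercased() == needle }
        }
    }

    /// Write note content as a file in the app's iCloud Drive container.
    /// The file belongs to the user's iCloud account, not to the developer.
    /// Call off the main thread: resolving the container URL can block.
    func writeContent(noteID: String, markdown: String) throws -> URL {
        guard let root = FileManager.default.url(forUbiquityContainerIdentifier: nil) else {
            throw ICloudStoreError.ubiquityContainerUnavailable
        }
        let documents = root.appendingPathComponent("Documents", isDirectory: true)
        try FileManager.default.createDirectory(at: documents, withIntermediateDirectories: true)
        let fileURL = documents.appendingPathComponent("\(noteID).md")
        try Data(markdown.utf8).write(to: fileURL, options: .atomic)
        return fileURL
    }
}
```

Two design points worth noticing: the account check runs before any write, so the app fails closed when no iCloud account is present instead of silently falling back to somewhere else, and nothing in this code has a network destination other than Apple's CloudKit and iCloud Drive services, which is what makes the "never sends data to us" claim checkable rather than a promise.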
## What About AI Features?
Good question. How can we offer AI features without accessing your notes?
We don't. You do.
When you enable AI features, you provide your own Ollama Cloud API key. Your notes are sent from your Mac to Ollama Cloud (not to us). The AI processes them. The results come back to your Mac (not to us).
We facilitate the connection, but we never see the data in transit.
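An added example (not KetBook's own code) of how a bring-your-own-key AI request can be made directly from the Mac. The Ollama Cloud endpoint and bearer-token header are this example's assumptions about the Ollama API, and the Keychain service and account names and the model name are placeholders. The security-relevant parts are that the key is read from the user's own Keychain, that the request is refused unless its host matches a single allowed provider, and that the log line records only destination and size, never the note text or the key.

```swift
// Added example, not KetBook's own code. Endpoint, header format, Keychain
// item names and model name are assumptions/placeholders for this example.
import Foundation
import Security

/// Read the user's own API key from their login Keychain. It leaves the Mac
/// only in the Authorization header of a request to the AI provider.
func loadAPIKey(service: String = "example.ai-provider", account: String = "api-key") -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let data = item as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}

struct ChatMessage: Codable { let role: String; let content: String }
struct ChatRequest: Codable { let model: String; let messages: [ChatMessage]; let stream: Bool }
struct ChatResponse: Codable { let message: ChatMessage }

enum AIError: Error { case missingKey, untrustedHost(String), badStatus(Int) }

/// Only this host may ever receive note content; anything else is rejected
/// before a connection is opened, so a misconfiguration cannot leak notes.
let allowedAIHost = "ollama.com"                                  // assumed Ollama Cloud host
let aiEndpoint = URL(string: "https://ollama.com/api/chat")!      // assumed chat endpoint

func summarize(note: String, model: String = "example-model") async throws -> String {
    guard let key = loadAPIKey() else { throw AIError.missingKey }
    guard aiEndpoint.host == allowedAIHost else {
        throw AIError.untrustedHost(aiEndpoint.host ?? "?")
    }

    var request = URLRequest(url: aiEndpoint)
    request.httpMethod = "POST"
    request.setValue("Bearer \(key)", forHTTPHeaderField: "Authorization")
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try JSONEncoder().encode(ChatRequest(
        model: model,
        messages: [ChatMessage(role: "user", content: "Summarize this note:\n\n\(note)")],
        stream: false))

    // Action-log style entry: destination and size only, never the note or the key.
    NSLog("AI request -> %@ (%d bytes)", allowedAIHost, request.httpBody?.count ?? 0)

    // Mac -> provider -> Mac. No intermediary host sees the request or the reply.
    let (data, response) = try await URLSession.shared.data(for: request)
    let status = (response as? HTTPURLResponse)?.statusCode ?? -1
    guard (200..<300).contains(status) else { throw AIError.badStatus(status) }
    return try JSONDecoder().decode(ChatResponse.self, from: data).message.content
}
```

The host allowlist is the check to look for when auditing any "we never see it" claim: if the destination is a constant in the binary and the request goes straight from the client to the provider, there is no place for the vendor to be in the middle.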
## Threat Model
Let's talk about what this protects against:
### ✅ Protected Against
- **Company Breach** – We have no database to breach
- **Rogue Employee** – Employees can't access what doesn't exist
- **Government Subpoena** – We have no data to hand over
- **Acquisition** – New owner inherits no user data
- **Policy Changes** – We can't retroactively access historical data
- **Business Failure** – Your data stays in your iCloud even if we shut down
### ⚠️ Not Protected Against
- **iCloud Breach** – If Apple gets breached, your data is at risk (but so is everything else in your iCloud)
- **Apple Cooperation** – If Apple hands over your iCloud to authorities, they can access your notes
- **Device Compromise** – If someone gains access to your Mac, they can read your notes
- **Weak Apple ID** – If your Apple ID is compromised, an attacker can access your iCloud
This is not a criticism of Apple. It's reality. Your data is as secure as your iCloud account.
But crucially: it's not as secure as our security. It's as secure as your security.
## Open Source?
KetBook is not open source (yet). But the architecture is transparent:
- Check your iCloud Drive – you can see the note files
- Check CloudKit Dashboard – you can see the database schema
- Check the Action Log – you can see every API call the app makes
We're not hiding the implementation. We're just not exposing the codebase (yet).
## Comparison to Other Apps
| Security Model | Data Location | Who Can Access |
|---|---|---|
| Traditional SaaS | Company's servers | Company employees |
| E2EE SaaS | Company's servers (encrypted) | Nobody (unless they break encryption) |
| KetBook | Your iCloud account | Only you (via your Apple ID) |
End-to-end encryption (E2EE) is great. But it still requires trust that:
- The encryption is implemented correctly
- The company isn't logging keys
- There are no backdoors
- The encrypted data won't be seized
With KetBook, there's nothing for the company to do wrong. We don't have your data. We can't mess up what we don't have.
## Is This For Everyone?
No.
If you need:
- Web access
- Collaboration
- Team features
- Platform independence (Windows, Linux, Android)
KetBook is not for you. These features require central servers, and we don't run any.
But if you want:
- Maximum privacy
- Zero company access to your notes
- Native macOS experience
- iCloud sync across your Macs
KetBook is designed specifically for you.
Want to dive deeper? Check out our Documentation or contact us with questions.