Privacy Stack
The Privacy-First Productivity Stack
A curated list of privacy-respecting tools we use and recommend alongside Super Productivity. No paid placements, no affiliate links, no sponsored ranking.
Most knowledge workers spread sensitive data across half a dozen tools: notes, mail, files, search, calendar, passwords, tasks. If even one of them is data-extractive by default, the rest of the stack is doing less work than it looks.
This page is the stack we run, and what we suggest to people who ask us "okay, my task manager is private — what else should I look at?". It is opinionated and short on purpose. There are larger lists (PrivacyGuides, Awesome-Privacy) that are excellent for breadth.
Disclosure: no money changes hands here. We have no affiliate links, no paid placements, and the tools listed have not paid for inclusion. If a tool is on this page it is because we, or our users, actually use it. If you maintain a privacy-respecting tool you think belongs here, get in touch — but expect the same standard.
Notes
Where the rest of your thinking lives. Most note tools are SaaS by default; these are not.
- Standard Notes ↗
End-to-end encrypted notes with a long privacy track record. Open source. Acquired by Proton in 2024.
- Joplin ↗
Open-source markdown notes with optional E2EE sync via Joplin Cloud, Nextcloud, or WebDAV.
- Notesnook ↗
End-to-end encrypted notes with import from Evernote, OneNote, and others.
- Logseq ↗
Local-first markdown outliner with bidirectional links. Open source.
Email is still where projects, contracts, and identity verification flow.
Files and photos
The largest at-rest data surface for most people.
- Ente ↗
End-to-end encrypted photos, plus Ente Auth for 2FA codes. Open source.
- Cryptomator ↗
Client-side encryption for any cloud storage. Use with Dropbox, Drive, or your NAS.
- Nextcloud ↗
Self-hosted file sync, calendar, and contacts. Pairs well with our WebDAV sync.
- Syncthing ↗
Peer-to-peer file sync, no cloud, no account. Open source.
Search
The query stream is one of the most revealing data sets you produce.
Identity and aliases
Email aliasing keeps the rest of your stack from leaking through sign-ups.
VPN
Network-layer privacy for anyone who works from cafés, airports, or hostile networks.
Passwords
A privacy stack without a password manager has a hole at the front door.
Where Super Productivity fits
The piece this stack usually misses: tasks and time
See our privacy and productivity guide for the local-first architecture, or jump to the threat model and data-flow document for the engineering details.
Same threat model
Local-first by default, no account required, no telemetry. Optional end-to-end encrypted sync if you want multi-device.
Same audience
Built for people who already moved their notes, mail, and files away from data-extractive SaaS. Tasks are usually the last leak.
Same documentation standard
Public threat model and data-flow doc in the main repo. Verifiable claims, no marketing-only privacy.
Try the missing piece
Open source, local-first task manager and time tracker. Pair it with the rest of your stack.