Why Capacities is not end-to-end encrypted
While end-to-end encryption is desirable and has many advantages, Capacities does not follow this principle. Here is why.
Before we start, it is important to understand that, at the moment, your data is encrypted in transit and at rest on our servers. You can read more about it here.
But yes, with end-to-end encryption, your data is more protected. Before it's sent to a server, it gets encrypted, and only you hold the key to decrypt it. This protects you from data misuse and other privacy concerns. You are in full control of your data.
Unfortunately, E2EE comes with some fundamental drawbacks for application design that severely limit the service we can provide. Here are some examples:
API access to your data would not be possible: Knowledge management and productivity thrive on exchanging information between services, so you don't have to transfer it manually and can access it from everywhere. If we had no access to your data on our servers, we could not offer these possibilities.
AI assistance in its current form would not be possible: The AI features in Capacities rely on powerful models that run in the cloud. To do this, we need to send your content to these services. With end-to-end encryption, any AI that goes beyond your own device would not work.
Smarter search would not be possible: You can search locally on your device, but we could not offer semantic search. To help you find what you need by what it means, we need to process your content on our servers. End-to-end encryption would make this impossible.
The content intelligence would be severely limited: On our servers, we can run sophisticated algorithms to connect information, draw conclusions and run powerful queries to provide the information you need in a specific context. With end-to-end encryption, we would not be able to do this. It would limit the power of Capacities, and we could not provide the service we envision.
Capacities could not support integrations: Integrations require processing on a server. By following the strict principle of end-to-end encryption, we could not process messages from WhatsApp, Email, your calendar, Readwise, etc. And, of course, all upcoming integrations would also be impossible.
There are a lot of reasons for end-to-end encryption as well. If this is a deal breaker, we recommend you use a different tool. We are very transparent on how we store and process your data. You can read more about it here.
Nevertheless, we have ideas on enabling partial end-to-end encryption while still providing a good service. We could allow you to encrypt the content section of specific objects. It would then be excluded from search and other features, but you could store sensitive information there. Feel free to share your ideas on our feedback board.
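The trade-off described on this page, and the partial scheme sketched in the previous paragraph, can be made concrete. The following is an added example, not code from Capacities: a client encrypts only the content field of a note with a key derived from a user passphrase that never leaves the device, while the server stores everything and builds a search index. The server can search the plaintext fields (title, tags) but has nothing to index for the encrypted content, which is exactly why such a field would have to be excluded from search and other server-side features. All names, field layouts and sample values are constructed for the example.

```python
"""Partial end-to-end encryption of one field, demonstrating the trade-off.

Constructed example: the client encrypts only the ``content`` field of a note
with a key derived from a user passphrase.  The server can index and search
every plaintext field (title, tags) but sees only opaque ciphertext for
``content``, so server-side search over that field is impossible by design.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import Dict, List, Tuple

# Hypothetical key-derivation parameters chosen for the example.
PBKDF2_ITERATIONS = 200_000
KEY_BYTES = 32
NONCE_BYTES = 16
TAG_BYTES = 32


def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive a separate encryption key and MAC key from a user passphrase.
    The keys stay on the client; the server only ever stores the salt."""
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   PBKDF2_ITERATIONS, dklen=2 * KEY_BYTES)
    return material[:KEY_BYTES], material[KEY_BYTES:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 so the example runs with
    the standard library alone; a production client would use a vetted AEAD
    such as AES-GCM instead of this hand-rolled construction."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_field(keys: Tuple[bytes, bytes], plaintext: str) -> str:
    """Encrypt-then-MAC one field. Output is base64(nonce || ciphertext || tag)."""
    enc_key, mac_key = keys
    nonce = os.urandom(NONCE_BYTES)
    data = plaintext.encode()
    ciphertext = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(nonce + ciphertext + tag).decode()


def decrypt_field(keys: Tuple[bytes, bytes], token: str) -> str:
    """Verify the tag before decrypting; a wrong key or modified ciphertext raises."""
    enc_key, mac_key = keys
    blob = base64.b64decode(token)
    nonce, ciphertext, tag = blob[:NONCE_BYTES], blob[NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))).decode()


def server_index(objects: List[Dict[str, str]]) -> Dict[str, set]:
    """Server-side inverted index. Only plaintext fields are tokenised; the
    encrypted ``content`` field is stored but cannot be indexed."""
    index: Dict[str, set] = {}
    for obj in objects:
        for field in ("title", "tags"):
            for word in re.findall(r"\w+", obj[field].lower()):
                index.setdefault(word, set()).add(obj["id"])
    return index


def server_search(index: Dict[str, set], term: str) -> List[str]:
    """Look a single term up in the server's index."""
    return sorted(index.get(term.lower(), set()))


def demo() -> Dict[str, object]:
    """Client encrypts, server indexes, client decrypts; returns what each side can see."""
    salt = os.urandom(16)
    keys = derive_keys("correct horse battery staple", salt)  # constructed passphrase
    secret = "account 1234-5678 at Example Bank"               # constructed content
    note = {
        "id": "note-1",
        "title": "Bank details",
        "tags": "finance private",
        "content": encrypt_field(keys, secret),  # only this field is end-to-end encrypted
    }
    index = server_index([note])
    return {
        "found_by_title": server_search(index, "bank"),      # server can still find it
        "found_by_content": server_search(index, "account"), # server cannot: field is opaque
        "server_sees_plaintext": secret in note["content"],
        "client_roundtrip": decrypt_field(keys, note["content"]) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the split the page describes: the title and tags remain searchable on the server, the search for a word that appears only in the encrypted content returns nothing, and only the client holding the derived key can read the content back. Any server-side feature that needs the content (semantic search, AI assistance, integrations) is locked out of that field in the same way.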
