Privacy isn't a promise. It's an architecture.

When a service says "your data is safe", the phrase by itself doesn't say much. Safe from whom? From which events? Under which law? The answer to these questions depends almost entirely on where that data physically lives and how the service is structured.

Worth looking at the layers one by one.

Where the data physically is

First question: which machine is your data on, and in which country?

A European service that hosts on AWS in the US subjects the data it handles to American law, regardless of the company's address. A service that hosts on a VPS in France or Germany subjects it to European law. A service that runs on your computer is subject only to your local law, and there's no third party to ask for access.

Same notes file, three legal regimes. On a US-cloud service: content runs in a database replicated across multiple data centers, accessible by the provider's engineers with the right permissions. A US warrant can reach it. On a European service: content lives on a server in EU jurisdiction. Legal requests go through European law. On your device: content is only there. There's no server to ask.

This is the first concrete lever. Not an abstract legal detail: an infrastructure choice that directly determines the actual protection.

Multi-tenant or single-tenant

Second question: does the service share the same instance among multiple users, or does each get their own?

A real-estate metaphor helps. Multi-tenant is a large apartment building: everyone inside the same building, same plumbing, same pipes. Costs less, efficient, but if a neighbor leaves a faucet open, your apartment can flood too. In technical terms: all data passes through the same processes, the same databases, the same logs. One wrong permission, one query missing its tenant filter, and one user's data leaks into another's. It's happened to large platforms, it happens to small ones.

Single-tenant is a private fenced villa: you have your own pipes, your own keys, your own perimeter. Costs more in resources, less efficient in terms of scale. In exchange, isolation is a structural guarantee, not an application-level promise.

For personal memory — things you really want to protect — single-tenant has an advantage that's hard to match.
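The "unfiltered query" failure above, as an added example that is not part of the original post: a constructed notes table shared by two tenants, a lookup that forgets the tenant in its WHERE clause, and the scoped version beside it. The tenant names, table layout and function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data (not from the post): two tenants sharing one table,
# the "apartment building" situation where everyone is on the same pipes.
SEED_NOTES = [
    (1, "alice", "alice's private note"),
    (2, "bob", "bob's private note"),
]


def make_shared_db() -> sqlite3.Connection:
    """Build an in-memory multi-tenant notes table shared by every user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE notes (id INTEGER PRIMARY KEY, tenant TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO notes VALUES (?, ?, ?)", SEED_NOTES)
    conn.commit()
    return conn


def get_note_unscoped(conn, requesting_tenant, note_id):
    """Defective lookup: keyed on the note id alone, so the requesting tenant's
    identity never reaches the database. Any id returns any tenant's row."""
    row = conn.execute("SELECT body FROM notes WHERE id = ?", (note_id,)).fetchone()
    return row[0] if row else None


def get_note_scoped(conn, requesting_tenant, note_id):
    """Hardened lookup: the tenant is part of the WHERE clause, so another
    tenant's row is simply absent from the result rather than relying on the
    caller never asking for it."""
    row = conn.execute(
        "SELECT body FROM notes WHERE id = ? AND tenant = ?",
        (note_id, requesting_tenant),
    ).fetchone()
    return row[0] if row else None


def demo():
    """bob asks for note 1 (alice's) through both lookups, then for his own."""
    conn = make_shared_db()
    leaked = get_note_unscoped(conn, "bob", 1)   # cross-tenant read succeeds
    blocked = get_note_scoped(conn, "bob", 1)    # None: filtered by tenant
    own = get_note_scoped(conn, "bob", 2)        # bob's own note still works
    return leaked, blocked, own


if __name__ == "__main__":
    print(demo())
```

Even the scoped version is an application-level promise: every query in the codebase has to remember the filter, which is exactly what single-tenant isolation makes unnecessary.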

Encryption: at rest, in transit

Third question: is data encrypted when it's sitting on disk and when it travels over the network?

In transit is almost a given today (TLS, HTTPS). At rest, no. Many services keep data in plaintext in their databases, relying on the access controls around the server. Works until it doesn't. If the server is compromised, the data is readable.

Encryption at rest isn't a silver bullet, but it's an additional layer. Worth asking if it's there.

Backup and recovery

Fourth question, often forgotten: who can access the backups?

Backups often live on systems separate from the main service, with different policies. They may be encrypted less strictly, stored in other jurisdictions, or managed by third-party providers. They're a risk surface that the main service's privacy policy doesn't always cover.

Serious services describe what they do with backups. Less serious services keep them out of the public narrative.

Privacy is hierarchical, not binary

Putting these layers together, a simple fact emerges: privacy isn't an on/off switch. It's a scale.

At the low end: multi-tenant service, on public cloud in foreign jurisdiction, plaintext data at rest, undocumented backups. It's what most people use every day, often without knowing.

At the high end: vault on your device, encrypted, backups managed by you, no third party. Maximum control, maximum maintenance.

In the middle there's a broad range of compromises: dedicated servers in chosen jurisdiction, single-tenant, application-level encryption, documented processes. That's where many serious privacy-oriented services live.

Consequences

Infrastructural privacy isn't a detail for the paranoid. It's the difference between a promise and a guarantee. Promises change as companies and laws change. Structural guarantees don't.

Choosing where your data lives is a technical decision with concrete consequences. Worth making consciously, and once.

Try Timo free for 15 days at timoai.xyz. No credit card required.