“Second brain” apps — tools for capturing notes, ideas, journal entries, and reference material in one searchable place — have quietly become some of the most personal software people use. Years of half-formed thoughts, private reflections, project ideas, and personal records accumulate in these apps, often without the same scrutiny people apply to, say, a photo library or a messaging app.
In 2026, nearly every major note-taking and personal knowledge management (PKM) app has added AI features — summarization, auto-linking, semantic search, AI-generated meeting notes. Those features are useful. They also mean your notes are being read by something other than you, possibly for the first time since you wrote them.
What’s Actually in a Second Brain
The appeal of PKM apps is that they become a single place for everything: meeting notes, journal entries, half-finished essays, reading highlights, personal goals, financial planning notes, medical questions you wanted to ask a doctor, drafts of difficult conversations you were planning to have.
This is a different category of data than most people think about when they think about “privacy.” It’s not a photo of your face or your location — it’s your actual thinking, often written in a more candid and unfiltered form than anything you’d post or send to another person. A second brain, by design, captures things you haven’t shared with anyone.
That makes the question of who else can read it — and what happens to it when they do — more significant than it might first appear.
How AI Features Actually Access Your Notes
When a note-taking app adds an AI feature — “summarize this page,” “find related notes,” “generate meeting notes from this recording” — that feature has to work somehow. In almost every case, it works by sending the relevant content to a server, where it’s processed by a language model, and the result is sent back.
For cloud-based apps, this is often an extension of infrastructure that already exists — your notes are already on their servers, so sending them to an AI processing pipeline is a relatively small architectural step. For local-first apps, AI features often require either running a model locally (resource-intensive, and historically lower quality) or — more commonly in practice — sending content to a cloud AI provider anyway, which is a meaningful departure from the “your notes never leave your device” promise that drew people to local-first tools in the first place.
The key questions for any app with AI features:
- Is AI processing on by default, or opt-in?
- Where does the data go — the app’s own infrastructure, or a third-party AI provider?
- How long is it retained, and is it used to improve the underlying models?
A Worked Example: Notion AI
Notion is a useful case study because its documentation is relatively detailed about how AI features work, and because its policies have evolved as scrutiny has increased.
Notion states that, by default, customer data is not used to train AI models. However, Notion AI features are powered by third-party AI subprocessors — including providers like OpenAI and Anthropic — meaning your note content is sent to those providers to generate responses. For most plans, those AI providers can retain that data for up to 30 days for abuse monitoring; for Enterprise workspaces, Notion states its AI providers use zero data retention.
Notion also offers an opt-in “AI LEAP Program,” where workspaces can choose to share data to help improve underlying models in exchange for early access to new AI features — an explicit trade of data for features, which at least makes the exchange visible rather than buried in a default setting.
The broader point: even a “doesn’t train on your data by default” policy involves your content traveling to third-party AI infrastructure whenever an AI feature is used, with retention windows that vary by plan. Reading the actual policy — not just the marketing page — is the only way to know what applies to your account.
The Local-First Promise (and Its Limits)
A segment of the PKM space — Obsidian being the most prominent example — markets itself around “local-first” storage: your notes are stored as plain files on your own device, not on a company’s servers by default.
This is a genuinely different model, and for the core note-taking experience, it delivers on the promise — your notes can exist entirely on your device, readable by no one else, with no server in the loop at all.
The limits show up at the edges:
- Sync between devices typically requires either a paid sync service (which does involve a server) or a third-party sync solution (Dropbox, iCloud, a self-hosted server) — each with its own privacy properties, separate from the note app itself.
- AI plugins, which are popular in these ecosystems, often work by sending note content to a cloud AI API — the local-first storage model doesn’t automatically extend to AI features built on top of it.
- Mobile apps for local-first tools sometimes have more limited functionality, pushing some users toward sync-based workarounds that reintroduce a server into the picture.
None of this means local-first is a bad choice — it’s often a meaningfully better starting point. It just means “local-first” describes where your notes live by default, not necessarily everything that happens to them once you start using sync or AI features.
What to Actually Look For
Rather than treating “has AI features” as automatically disqualifying — AI features can be genuinely useful — a few questions help separate apps that handle this thoughtfully from ones that don’t:
Can you turn AI features off entirely? If AI processing is opt-in rather than default, you retain control over when your content leaves the app’s core storage.
Is there a clear answer to “who sees my notes”? A privacy policy that names specific subprocessors and retention periods is more trustworthy than one that says “we may use third-party services to improve our product.”
Does the business model depend on advertising? As with photo storage, an app funded by subscriptions has less structural incentive to mine note content for purposes unrelated to the note-taking experience itself.
What happens to your notes if you stop paying, or if the company is acquired? Export functionality and data portability matter more for a second brain than almost any other category of app — these are notes you may want to keep for years or decades, well beyond the lifespan of any single product.
Voice Memos and AI Transcription
A growing number of second brain workflows start with voice — recording a quick voice memo while walking, driving, or thinking through a problem, then having it transcribed into text for the notes app.
Transcription is itself an AI process, and it’s worth applying the same questions to it as to any other AI feature: is the audio sent to a cloud transcription service, how long is it retained, and is it used for anything beyond producing the transcript you asked for? Voice recordings can capture more than the speaker intends — background conversations, names of other people, locations, tone and emotional content that text doesn’t carry.
For voice memos that are genuinely personal — a private reflection, a sensitive conversation you’re processing, voice notes meant only for yourself — the same caution that applies to written journal entries applies here, arguably more so, since audio is harder to redact after the fact than text.
A Simple Framework for Sensitive Entries
Not every note needs the same level of caution — a grocery list and a journal entry about a difficult personal situation aren’t the same category of content, even if they’re sitting in the same app.
A practical framework: as you write or capture something, ask whether you’d be comfortable with a future AI feature processing it — not maliciously, just as part of normal “summarize this” or “find related notes” functionality. For most notes, the answer is an easy yes. For some — deeply personal reflections, sensitive health information, anything involving other people’s private information shared in confidence — the answer might be “I’d rather this stayed untouched by any automated processing.”
For that second category, a few options exist depending on the app: marking specific notes or folders as excluded from AI features (where the app supports it), keeping that category of content in a separate app entirely with no AI features at all, or — for content that’s more “file” than “note,” like a voice memo or a scanned document — storing it in a dedicated private vault rather than the notes app’s general pool.
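For a local-first vault of plain Markdown files, the exclusion idea above can be enforced as a gate that runs before any note is handed to a cloud AI feature. The Python below is an added example, not code from any app named in this article; the `ai-exclude` front-matter key, the excluded folder names and the sample vault are assumptions made for illustration. Notes whose front matter cannot be parsed are withheld rather than sent.

```python
from pathlib import PurePosixPath

# Assumed conventions (not taken from any specific app): a front-matter key
# "ai-exclude" and a set of folder names whose notes never leave the device.
EXCLUDED_FOLDERS = {"journal", "health", "private"}
FLAG_KEY = "ai-exclude"

def read_front_matter(text):
    """Return the front-matter dict, {} if there is none, None if malformed."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}
    meta = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return meta
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip().lower()] = value.strip().lower()
    return None  # opening fence was never closed

def may_leave_device(path, text):
    """Decide whether one note may be handed to a cloud AI feature."""
    folders = {part.lower() for part in PurePosixPath(path).parts[:-1]}
    if folders & EXCLUDED_FOLDERS:
        return False, "excluded folder"
    meta = read_front_matter(text)
    if meta is None:
        return False, "unreadable front matter (fail closed)"
    if meta.get(FLAG_KEY) in {"true", "yes"}:
        return False, "flagged by author"
    return True, "ok"

def partition_vault(notes):
    """Split {path: text} into (paths that may be sent, {path: reason withheld})."""
    verdicts = {p: may_leave_device(p, t) for p, t in notes.items()}
    allowed = sorted(p for p, (ok, _) in verdicts.items() if ok)
    withheld = {p: why for p, (ok, why) in verdicts.items() if not ok}
    return allowed, withheld

# Constructed sample vault, for illustration only.
SAMPLE = {
    "inbox/groceries.md": "milk, eggs",
    "Journal/2026-01-03.md": "hard day",
    "work/1on1.md": "---\nai-exclude: true\n---\nnotes about a colleague",
    "work/draft.md": "---\ntitle: essay\nbody without closing fence",
    "work/roadmap.md": "---\ntitle: roadmap\n---\nQ3 plan",
}
```

Calling `partition_vault(SAMPLE)` returns the two notes that may be sent and a reason for each of the three that are withheld.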
Where Personal Files and Notes Fit Together
Second brain apps are usually optimized for text — but the personal records people keep increasingly include voice memos, scanned documents, photos of whiteboards, and reference files that don’t fit neatly into a notes app.
daftei is built as a private vault for exactly that material — photos, voice notes, and documents — with AES-256 encryption at rest, TLS 1.3 in transit, and a clear policy: no advertising, no data sales, and no third-party AI training on your content, ever. It’s available on iOS, Android, and the web, with 5GB free and unlimited storage on Pro at $5.99/month (₹249/month in India).
It’s not a replacement for a note-taking app — it’s a place for the personal files that a second brain often references but doesn’t itself store, kept under the same no-AI-training, no-ads commitment regardless of which note-taking tool you use for the writing itself.