About Keep It Encryption

On Mac, all your Keep It files will be encrypted if you use FileVault. On iPad and iPhone everything is protected with Data Protection.

iCloud Standard Data Protection

With iCloud, at a minimum all data is encrypted while in transit and when stored on Apple’s servers. See Apple's iCloud security overview for full details—Keep It uses the same encryption as iCloud Drive.

iCloud Advanced Data Protection

Apple also offers Advanced Data Protection for iCloud. When enabled, all the files you put in Keep It, thumbnails of those files (that could be of a high enough resolution to reveal their contents), and recognized text will automatically be end-to-end encrypted, which means that only you, not Apple, will have the keys to decrypt that data.

While that E2E encryption automatically covers all the files you put in Keep It, other data will not be end-to-end encrypted for backwards compatibility reasons, such as the names of the files, dates, tags, comments and the brief summaries you see in the list. This data will still benefit from Standard Data Protection. This is consistent with Apple’s own apps.

Encrypted Files

Keep It also offers its own encrypted files, which require a separate password to be viewed. With these, the same will apply as when using E2E encryption, in that only you will have the password to decrypt the files, and Keep It will store that password in your iCloud Keychain, which is end-to-end encrypted whether or not you are using Advanced Data Protection.

These encrypted files in Keep It are actually Zip files encrypted with AES-256, and can therefore be decrypted with the password in the Finder, the Files app on iPad and iPhone, or any other app that understands password-protected Zip files, such as The Unarchiver, and so you will not require Keep It to decrypt them in future.