Obsidian is a local-first notes app, reviewed for local storage, Sync/Publish privacy, sharing, retention, and user controls.
90
Excellent
90
Excellent
Obsidian stays private by default when notes remain local, but Sync, Publish, and plugins can quickly change that posture.
Obsidian is strongest where its local-first model keeps notes out of cloud AI and ad systems unless the user explicitly turns those features on.
Its weakest area is retention and exposure through optional services, because Sync, Publish, backups, and plugins can widen the note surface fast.
95
Excellent
Obsidian says desktop and mobile vault data is saved locally on the device and is not sent to Obsidian servers by default.
Users can avoid Obsidian-hosted services entirely and keep private notes outside vendor AI pipelines.
Optional Sync and Publish are separate choices rather than mandatory note-processing defaults.
85
Good
85
Good
85
Good
90
Excellent
Obsidian Privacy Page
Open: obsidian.md1. Devices
Obsidian says desktop and mobile vault data is saved locally on the device and is not sent to Obsidian servers by default.
2. AI Use
Users can avoid Obsidian-hosted services entirely and keep private notes outside vendor AI pipelines.
3. Optional Sync
Optional Sync and Publish are separate choices rather than mandatory note-processing defaults.
4. AI Use
Community plugins and third-party AI add-ons can still create their own note-processing and training exposures.
Founded
Unknown
Founder
Unknown
Parent Company
Obsidian
Lifecycle
Active
Category
Productivity & Collaboration
CEO
Unknown
Security Team
In house
Date Added
05-18-2026
Once you delete a chat, you cannot recover it. Deleting a chat removes it both from your visible chat history and the system after the retention window.
Community plugins and third-party AI add-ons can still create their own note-processing and training exposures.
85
Good
Local vaults do not have to be shared with Obsidian at all when users stay off optional cloud features.
Users decide whether to enable Sync, Publish, and community plugins that move note data beyond the local device.
The policy documents security measures and optional service boundaries instead of treating every vault as always-online content.
Once users enable Sync, Publish, plugins, or outside integrations, vault content may be processed by those additional services.
85
Good
A local vault avoids routine cloud analytics over note content.
The core product posture is far less tracking-heavy than ordinary cloud collaboration suites.
Users can separate sensitive note-taking from the website, account, and plugin ecosystems when they want a stricter setup.
Website, account, Sync, Publish, and plugin ecosystems still introduce some ordinary analytics and operational tracking.
85
Good
Users can keep vault data on their own devices and delete it directly without waiting on vendor retention cycles.
The policy says expired Sync or Publish subscription data remains on servers for one month and is then deleted permanently.
Users can maintain their own offline copies and exports rather than depending entirely on vendor retention behavior.
Optional cloud services and external plugins can impose separate retention behavior outside the local vault model.
90
Excellent
Users choose where the vault lives and can keep it entirely local.
Sync, Publish, and plugin installation are all optional user decisions instead of hardwired defaults.
Plain-file exports and local ownership give users a durable exit path.
Privacy can degrade quickly if users install unreviewed plugins or route notes into outside AI services.
