Free Online Notepad

What an online notepad actually does

An online notepad is a browser-based text editor that lets you write, edit, and save plain or lightly-formatted text without installing software, signing in, or sending content to a server. The cognitive function is straightforward: writing externalizes thought, freeing working memory for new processing. George Miller's 1956 paper "The Magical Number Seven, Plus or Minus Two" established that human short-term memory holds roughly 5 to 9 items at once. Anything you can off-load to a notepad (a phone number, a draft sentence, a list of three errands) is one less item competing for that limited slot. People who write things down complete more tasks, remember more details, and report less mental fatigue than people who try to hold everything in their head.

Browser-based notepads differ from native desktop editors in three meaningful ways. First, zero install means you can use the same tool from any device with a browser, including borrowed computers and locked-down work machines where you cannot install software. Second, localStorage persistence keeps your notes across browser restarts without requiring a sign-up or file-save dialog, lowering friction compared to opening Notepad and remembering to save. Third, modern browsers provide cryptography APIs (SubtleCrypto) that let a browser-based notepad encrypt notes client-side with the same algorithms banks use, without trusting any cloud service.

The trade-offs versus dedicated note apps (Notion, Evernote, Obsidian) are real. A browser notepad has no cross-device sync, no rich linking, no plugins, and limited formatting. What it offers in exchange is simplicity and privacy: nothing to set up, nothing to subscribe to, and no servers seeing your text. For drafting messages before sending, jotting passwords before storing in a vault, capturing meeting notes you will discard, or writing personal reflections you do not want a service provider to scan, that trade-off favors the browser notepad. For long-term knowledge management or team collaboration, a dedicated app fits better.

How this tool works under the hood

The editor is an HTML5 <textarea> element, the simplest editable surface a browser provides. Each tab is stored as its own JSON object in localStorage under a key like notepad-tab-1. When you type, a debounce timer fires 500 ms after your last keystroke and writes the current content to localStorage, then displays a green "Saved" indicator. The 500 ms delay prevents saving on every keystroke (which would waste CPU and battery) while still being fast enough that closing the tab unexpectedly rarely loses more than a sentence.

The encryption option uses the browser's Web Crypto API (specifically window.crypto.subtle). When you set a password, the tool derives a 256-bit AES key from your password using PBKDF2 with 100,000 iterations of SHA-256, then encrypts the note text with AES-256-GCM. AES-GCM is an authenticated cipher: the same algorithm provides both confidentiality and integrity, so if anyone tampers with the ciphertext (or you mistype the password), decryption fails cleanly rather than producing garbled text. The encrypted blob (with a random initialization vector and authentication tag) replaces your plaintext in localStorage, so even if someone gets physical access to your device, they cannot read the note without the password.

Find & Replace uses a simple JavaScript loop over the text, with optional case sensitivity. The download buttons construct a Blob with the appropriate MIME type (text/plain for .txt, text/markdown for .md, etc.) and trigger a synthetic <a download> click. Sharing buttons use the Web Share API where available (navigator.share) and fall back to mailto:, sms:, or platform URL schemes (WhatsApp, Telegram, Twitter) which open the destination app pre-filled. The tool never makes a network request for your content; the share targets open externally with the text passed via URL parameters that your browser hands directly to those apps.

Brief history of text editors

• ed and vi, 1969 to 1976. Ken Thompson writes ed for early Unix in 1969, the first line-oriented text editor. Bill Joy creates vi in 1976 (and later Vim), introducing modal editing on actual screens. Richard Stallman releases the first Emacs the same year. These three families still ship with every Unix and Linux system in 2026.
• Microsoft Notepad, 1983. Notepad ships with Windows 1.0 as a minimal plain-text editor with no formatting, no styles, no spell-check. Its simplicity (and consistent presence on every Windows machine for forty years) makes it a default scratchpad for billions of users. Mac OS gets TextEdit in 2001 as a rough equivalent.
• Web text editors emerge, mid-2000s. Browsers gain rich contenteditable support and JavaScript performance improves enough that web-based editors become usable. CKEditor (2003), TinyMCE (2004), and Etherpad (2008) demonstrate that complex text editing in a browser is practical. Google Docs (2006) brings real-time collaboration.
• localStorage standardized, 2009. The Web Storage spec (Web Storage API) lands in HTML5, giving browsers a 5 MB to 10 MB per-origin persistent key-value store. For the first time, a browser-based notepad can save reliably without cookies or server uploads. The "save without sign-up" experience becomes possible.
• Web Crypto API ships, 2014. The W3C Web Cryptography specification gives JavaScript access to native cryptographic primitives (AES-GCM, RSA-OAEP, ECDSA, PBKDF2). Before this, browser crypto was either insecure JavaScript reimplementations or impossible. After 2014, browser-based notepads can offer client-side encryption with bank-grade algorithms.
• Privacy-first browser notepads, 2020s. As cloud notetaking services accumulate criticism for data mining and breaches (Evernote 2013, Notion AI training, Google Docs scanning), privacy-first browser notepads gain traction. Tools like CryptPad, Standard Notes' free tier, and lightweight encrypted notepads (this one) compete by promising no-account, no-server, no-data-collection workflows.

Real-world workflows

• Drafting messages before sending. Type a difficult email, social-media reply, or chat message in the notepad first, where the lack of a "Send" button gives you space to revise. Once you are happy with it, copy and paste into the actual app. Reduces regrettable sends and lets you write longer, more considered messages than typing directly in a phone keyboard.
• Personal journal and reflection. Daily journaling has documented benefits for mental health and self-awareness. A locked notepad note (AES-256-GCM with a password only you know) gives you a place to write candidly without trusting a third-party app with your most personal thoughts. Closing the browser locks it; opening it requires your password.
• Meeting and lecture notes. Open a fresh tab for each meeting or lecture, type in real time, copy out to a permanent system afterward. The lack of formatting overhead keeps you focused on capture rather than visual prettifying. The 5-tab limit naturally enforces a cleanup workflow: archive or discard yesterday's notes before starting today's.
• Code snippets and command-line history. Developers use scratchpad notepads to draft SQL queries, regex patterns, and shell commands before pasting them into production environments. The monospace-font option keeps code readable. Encrypted notes hold API keys and credentials that you want stored but not in your password manager (e.g., short-lived tokens).
• Research note collection. Students and researchers reading multiple sources paste excerpts and citations into separate tabs (one per source). At the end of the session, copy out into a permanent reference manager (Zotero, Mendeley). The browser notepad is the intermediate buffer between reading and curated storage.
• Creative writing and brainstorming. Distraction-free writing apps (iA Writer, Ulysses) exist because writers struggle with rich-text editors. A plain textarea with Focus Mode (hiding nav and chrome) gives the same minimalist surface. For first drafts, freewriting, and morning pages, simpler is faster than fancier.

Common pitfalls and what they mean

• Browser data wipes erase notes. Notes are stored in localStorage, which is scoped per browser per device. Clearing site data, switching browsers, switching devices, or using private/incognito mode all wipe (or fail to retain) the notes. For anything you need to keep, periodically download as .txt and back up to a permanent location. Treat browser notepad like a scratchpad, not a vault.
• Forgotten passwords mean lost data. Real encryption has no backdoor. If you set an AES password and forget it, the ciphertext is unrecoverable, by design. This is a feature for privacy and a failure mode for everyday use. Use encrypted notes only for content where loss-on-forgetting is preferable to leak-on-breach, and write the password somewhere safe (password manager) until you have memorized it.
• Mobile autocorrect mangles input. iOS and Android keyboards aggressively autocorrect, capitalize, and substitute. For technical content (code, IDs, passwords typed before encryption), this corrupts your text silently. Disable autocorrect via the browser's autocorrect="off" attribute (set on the textarea) or use a paste-only workflow where you compose in a code editor and paste into the notepad.
• Pasted HTML could execute (in rich editors). This tool uses a plain <textarea> which cannot execute pasted scripts. But many "rich" online notepads use contenteditable divs which can execute pasted JavaScript if not carefully sanitized. If you choose a different notepad with rich formatting, verify it sanitizes pasted content; otherwise pasting copied web content can run arbitrary scripts in your browser context.
• localStorage quotas vary by browser. Chrome, Firefox, and Safari give each origin roughly 5 to 10 MB of localStorage. A novel-sized note (300 to 500 KB) fits easily, but storing many large notes (especially encrypted, which is larger than plaintext) can hit the limit. The browser will refuse to save beyond quota with a QuotaExceededError; older notes are not auto-evicted.
• Sharing via URL exposes text. The Share buttons that use URL schemes (mailto, WhatsApp, SMS) pass your note text as URL parameters. URLs can be logged by web proxies, browser history, and the receiving app's server. For genuinely private sharing, encrypt the note first, send the ciphertext, and share the password through a different channel (in person, voice call, or end-to-end encrypted messenger).

Privacy: text stays on your device

Personal notes can include thoughts you would not say aloud, plans you would not announce, passwords you cannot leak, and creative work you do not want scraped for AI training. Cloud notetaking services have a structural conflict of interest: they own infrastructure that costs money to run, and they can monetize user content via subscriptions, ads, or (more recently) training data licensing. Several major notetaking apps have updated their terms of service in 2023 to 2025 to permit using user notes for AI model training. The privacy stakes are real.

This tool stores notes exclusively in browser localStorage on your device. Open the browser's Network tab while typing and you will see zero outbound requests. The optional AES-256-GCM encryption uses the W3C Web Crypto API, a standard with public security analysis and the same cipher recommended by NIST and used by TLS 1.3. PBKDF2 with 100,000 SHA-256 iterations is slower than the current state of the art (Argon2id), but it is the strongest password-based key derivation available in SubtleCrypto across all major browsers. For threats from local malware or determined attackers, no browser tool fully protects you; for threats from the service provider, advertising networks, and cloud breaches, this approach removes them entirely by removing the cloud.

When another tool is the right pick

• End-to-end encrypted sync with Standard Notes. Standard Notes (free tier, open source) provides end-to-end encrypted note sync across desktop, mobile, and web. Encryption happens client-side; the server only stores ciphertext. For multi-device workflows where you need the same notes accessible from phone and laptop, Standard Notes preserves the privacy properties this tool offers while adding sync.
• Joplin for self-hosted and Markdown. Joplin (free, open source) supports Markdown notes, end-to-end encryption, and self-hosted sync via Dropbox, OneDrive, Nextcloud, or its own server. For users comfortable with Markdown and wanting full control over where notes are stored (self-hosted, no third-party server), Joplin is the standard choice.
• Obsidian for knowledge management. Obsidian (free for personal use) stores notes as plain Markdown files in a folder you control, with rich linking, graph view, and a plugin ecosystem. For building a long-term personal knowledge base (PKM, Zettelkasten, second brain), Obsidian's structure beats a flat scratchpad. The free local version stores everything offline; paid sync is optional.
• Real-time collaboration with CryptPad or Etherpad. For shared documents edited by multiple people simultaneously, real-time collaboration is essential and a browser scratchpad cannot provide it. CryptPad (zero-knowledge collaborative editing, free) and Etherpad (open-source, self-hostable) offer this with strong privacy properties. Google Docs offers the same with weaker privacy.

Other frequently asked questions

Will my notes sync between my phone and laptop?

No. Notes are stored in localStorage, which is scoped per browser per device. The tradeoff is privacy: zero cloud sync means zero data leaving your device. For cross-device access, download notes as .txt and email them to yourself, or use a dedicated end-to-end encrypted notetaking app like Standard Notes or Joplin. For most users, a single-device browser notepad covers a meaningful set of use cases (drafting, journaling, scratch work) and a sync-enabled app covers the others.

How strong is AES-256-GCM encryption?

AES-256-GCM is the cipher recommended by the US National Security Agency for protecting top-secret information up to and including TS/SCI classification (per CNSSP-15). It is also the cipher used by TLS 1.3 to protect HTTPS traffic, by VPNs like WireGuard for tunnel encryption, and by disk encryption tools like BitLocker and FileVault. There are no known practical attacks against properly implemented AES-256. The weak point in any browser encryption is the password and the key derivation: if your password is weak or your device is compromised, the cipher cannot save you.

How many tabs can I have open?

Up to 5 tabs, each persisted independently in localStorage. The 5-tab limit is a soft design choice; technically more would be possible, but five enforces a workflow where you periodically clean up old notes rather than accumulating dozens of stale tabs. For more-than-five workflows, consider a dedicated knowledge-management app like Obsidian or Notion where note organization is a primary feature.

What happens if my browser crashes mid-typing?

Anything saved before the last 500 ms-debounced autosave fired is preserved; anything typed in the last fraction of a second since the last save may be lost. In practice this usually means the last sentence or two. To minimize loss, pause briefly after important content to let the autosave fire (you will see the green "Saved" indicator), or hit Ctrl+S equivalents by switching focus elsewhere briefly, which triggers an immediate save in some browsers via blur events.

Can I use this tool offline?

Yes, once the page has loaded. The tool runs entirely in JavaScript with no server calls during editing, so after the initial page load (which requires being online), you can disconnect from the network and keep working. Subsequent visits to the same page require being online again to load the HTML and JavaScript unless your browser has cached the page. For guaranteed offline access, use a desktop text editor (Notepad on Windows, TextEdit on macOS, gedit on Linux).

How do I migrate notes to another app?

Download each tab as .txt, .md, or .doc using the Save dropdown. The .md (Markdown) format is the most portable: it imports cleanly into Obsidian, Joplin, Standard Notes, Notion, and almost every notetaking app. For bulk migration, do this for each tab, then import the .md files into your destination tool. No proprietary format means no lock-in: your notes are always extractable as standard text files.