Your task list is more sensitive than you think. Almost no popular to-do app encrypts it end-to-end. We compare Todoist, Microsoft To Do, Apple Reminders, Google Tasks, EteSync, and SilentSuite.
SilentSuite is an open-source, end-to-end encrypted to-do list and task sync, built on the same Etebase protocol as our calendar and contacts. The server stores ciphertext only, so we can't read your tasks. Hosted from €3/mo, AGPL-3.0 self-hostable, EU infrastructure.
That covers the question for SilentSuite. The harder question is the rest of the market. Almost every popular to-do list app, from Todoist to Apple Reminders to Google Tasks to Microsoft To Do, can read every item on your list. This post is an honest look at the landscape, and why we think encrypted task sync deserves more attention than it gets.
Why your task list is more sensitive than you think
People are careful with their email and a little less careful with their calendar. They're almost universally careless with their task list, because it feels like a notepad. It isn't.
Your tasks contain medication reminders. Therapy follow-ups. “Call the lawyer.” “Renew the visa.” “Cancel the gym before the contract auto-renews.” Personal health, legal exposure, financial deadlines. Tasks tend to be more concrete than calendar events, because calendar events are often shared and tasks are usually private notes-to-self. The result is a stream of plaintext intent that, in aggregate, describes the shape of your life with uncomfortable precision.
Now ask: who can read it? For most of the popular task apps, the answer is “the company that runs the service.” Sometimes the answer is “the company, plus its analytics partners, plus whoever issues a subpoena.”
Todoist
Todoist is the most-used cross-platform to-do app, and it's a genuinely good product. It is not end-to-end encrypted. Tasks are stored in plaintext on Todoist's servers. Their privacy policy describes encryption in transit and at rest, which is the modern minimum, but means Todoist can read every item in your list and produce them in response to legal requests.
Todoist also integrates with third parties (calendar sync, automation tools, AI features) which means your tasks are crossing additional trust boundaries. None of this is unusual or hidden. It's just worth being clear-eyed: if you wouldn't put it in a Google Doc, don't put it in Todoist either.
Microsoft To Do
Microsoft To Do is free, polished, and built on Outlook tasks underneath. It's also fully readable by Microsoft. There is no end-to-end encryption. Tasks live in your Microsoft 365 account and inherit the same trust model as your Outlook mailbox: encrypted at rest on Microsoft's servers, decryptable by Microsoft.
For corporate use this is generally fine because the trust boundary is the company, not the individual. For personal use, it means a line item like “leave job” sits in plaintext on infrastructure your employer's IT department can sometimes reach.
Apple Reminders
Apple Reminders through iCloud is closer to the encrypted end of the spectrum, but not all the way there. With Advanced Data Protection for iCloud enabled, Reminders becomes end-to-end encrypted. Without it, Apple holds the keys and can read your reminders.
Advanced Data Protection is opt-in, off by default, requires a recovery contact or recovery key, and is restricted in some jurisdictions (notably the UK as of 2025). It also doesn't help you if you use Reminders outside the Apple ecosystem, because there is no CalDAV-compatible task export. Apple's reminders are Apple's reminders.
Google Tasks
Google Tasks sits inside Gmail and Google Calendar. It is not end-to-end encrypted. Google can read your tasks. Google does read your tasks, in the loose sense that the infrastructure processes them in plaintext for indexing, search, and increasingly for AI features. Anything in Google Tasks should be treated like anything in Gmail: convenient, integrated, and absolutely visible to Google.
EteSync
EteSync was the first service to do encrypted tasks properly. The Etebase protocol underneath is genuinely well-designed: zero-knowledge encryption, conflict resolution, offline support, the works. The problem is that EteSync's apps and server stopped getting updates. Existing users still sync, but new users are walking into a product that isn't being maintained.
We covered this in detail in our post on why we picked the EteSync project up.
SilentSuite
SilentSuite handles tasks the same way it handles calendars and contacts. Items are encrypted on your device before they leave it. Our server stores ciphertext only. We can't read your tasks even if we wanted to, because we don't have your key.
Tasks live in the same account as your calendar and contacts, so you don't need a separate subscription for each PIM category. And because we share the Etebase protocol with EteSync, anyone coming from EteSync brings their existing task lists with them.
Comparison table
Here's how the popular task apps stack up on encryption, openness, and lock-in. We've tried to be fair. If something is wrong, let us know.
| | | | | | |
|---|---|---|---|---|---|---|
| E2EE tasks | No | No | Partial | No | Yes | Yes |
| Server can read your tasks | Yes | Yes | Partial | Yes | No | No |
| Cross-platform | Yes | Yes | No | Yes | Yes | Yes |
| Open source | No | No | No | No | Yes | Yes |
| Self-hostable | No | No | No | No | Yes | Yes |
| CalDAV / standard sync | No | No | No | No | Via bridge | Yes* |
| Status | Active | Active | Active | Active | Abandoned | Active |
| Price | Free / from $5/mo | Free | Bundled with iCloud | Free | Was €2/mo | From €3/mo |
“Partial” for Apple Reminders means E2EE only when Advanced Data Protection is enabled, which is opt-in and not available everywhere.
* SilentSuite tasks sync over the Etebase protocol natively. CalDAV for tasks (VTODO) is exposed through our standalone bridge for third-party clients like Thunderbird.
Is there an end-to-end encrypted Todoist alternative?
Practically, the choices in 2026 are SilentSuite or staying on a stalled EteSync. Proton and Tuta both offer encrypted email and calendar but don't have a real task product. Standard Notes can do plaintext to-dos inside encrypted notes, which is closer to a notebook than a task list. Joplin can store to-do markdown notes encrypted, but it's a notes app first and not designed around the task workflow (recurrence, due dates, reminders, sub-tasks).
For dedicated, encrypted, cross-platform task sync that handles recurrence and reminders properly, the gap is real and we're one of very few options trying to fill it.
What about offline-only apps?
Apps like Things (Apple-only) sync over iCloud and inherit Apple's trust model. Plain-text Markdown systems like Obsidian Tasks store everything locally, which is privacy-perfect but breaks the moment you want it on your phone too. Org-mode users have decades of clever sync solutions, all of which require sysadmin tolerance.
Local-first is a legitimate path. SilentSuite isn't local-only, but it is local-first in a meaningful sense: your client holds the keys, the server holds ciphertext, and your data is encrypted before it leaves the device. You get cross-device sync without giving the provider a window into your task list.
FAQ
Is Todoist end-to-end encrypted?
No. Todoist encrypts data in transit and at rest, but Todoist itself can read your tasks. There is no E2EE option in 2026.
Is Apple Reminders end-to-end encrypted?
Only if you have Advanced Data Protection for iCloud enabled. By default, Apple holds the keys and can read reminders.
Is Google Tasks end-to-end encrypted?
No. Google holds the keys and processes tasks in plaintext, like the rest of Google Workspace.
What's the best encrypted to-do list app?
For dedicated, cross-platform, end-to-end encrypted task sync with proper recurrence and reminders, the realistic options are SilentSuite (active, maintained, €3/mo or self-hosted) or EteSync (same protocol, no longer maintained). Apple Reminders with Advanced Data Protection is a fourth option if you live entirely in the Apple ecosystem.
Can I self-host an encrypted task server?
Yes. SilentSuite's server is open source under AGPL-3.0 and runs on a standard Linux VPS or homelab.
Tasks deserve the same encryption as the rest of your data. They just usually don't get it. Sign up for SilentSuite if you want a to-do list your provider can't read.
Interested in private sync?
SilentSuite is available now. Sign up and start syncing your calendar, contacts, and tasks with end-to-end encryption.
Get Started