Start with the security model
The first question is not how the app looks. It is where encryption happens and who can read the data. A private note app should clearly explain whether the browser encrypts the note before upload and whether the server can decrypt it.
Once that is clear, the rest of the product becomes easier to judge. Expiration controls, read limits, and the absence of tracking all become meaningful signals.
Then check the experience
A good private note app should be fast, easy to use, and comfortable on mobile. If it is too clumsy, users will only open it when they are desperate, which reduces adoption and undermines the whole point.
The strongest products combine privacy with simplicity. They let you write, encrypt, and share without turning the workflow into a technical project.