This article assumes the version of Notes In Confidence you are using has Google Drive enabled (it does, on the hosted site). Drive is what makes the app practical for real clinical work: it keeps your encrypted vault safely backed up, and it lets you use the same vault from any device you own.
The setup itself takes about five to seven minutes. The benefits last for as long as you use the app.
Why Google Drive matters
Three things become true the moment your vault lands in your own Google Drive.
Your data is already backed up. If your laptop dies, gets stolen, or simply will not turn on tomorrow morning, your vault is not gone. It is sitting in your Google Drive, encrypted, exactly as it was when you last saved a note. Sign in on a new device with the same Google account, type your password, and your notes are back. No file copying, no manual restore, no panic.
You can use the app on every device you own. Open Notes In Confidence on your laptop in the morning, on your phone between sessions, on a desktop at the clinic in the afternoon. As long as you sign in to the same Google account on each of them, the same vault is there, kept up to date for you. A note you save on your phone shows up on your laptop the next time you unlock it.
Nobody else can read your notes, including Google. Drive holds your vault as an encrypted blob. The only key that can decrypt it is the password you carry in your head. Your password is not sent to Google, not sent to us, not stored anywhere outside your own browser's memory. So although Google can see that the encrypted file exists, Google cannot read what is inside it. Neither can we. Only you, with your password.
There is one trade-off worth being honest about: there is no password reset. Because nobody else holds your key, nobody else can hand it back to you. If you forget your password, your data is unrecoverable.
What we ask Google for, and what we do not
When you click Continue with Google, Google asks you to grant the app one specific permission, called the app data folder permission. In Google's own words, this lets the app read and write a single file in a hidden, per-app area of your Drive. We cannot see your other Drive files. We cannot list your folders. We cannot read your shared documents. The hidden folder is hidden from your normal Drive view too: even you cannot browse to it. It is reserved for our app's one file, and that one file is the encrypted vault.
You can revoke this access any time from your Google Account settings. If you do, the app enters read-only mode on your next unlock. You can still read every note you have ever written, but you cannot create new ones or edit existing ones until you reconnect Drive (or restore from a Local Backup file). The protection is deliberate: a vault that can be edited locally without ever syncing back to Google is one cleared browser away from data loss.
Tick the two consent boxes
Just before the password fields you will see two tickboxes. Both are required to enable the Create my vault button. They are not boilerplate. They exist because this is free software with no warranty, no support contract, and a deliberately unforgiving security model, and the operator wants you to confirm in writing that you understand both points.
The first tickbox accepts the Terms of Service and Privacy Notice. The second tickbox confirms you understand the specific risks: that a forgotten password destroys your data forever, that browsers can clear storage under some conditions, that malicious browser extensions could in principle break the encryption regardless of your password strength, and that you (not the operator) are the data controller for any clinical content you enter.
Tick both, and the Create my vault button becomes active.
The six steps
1. Open the app. Click the link to your hosted Notes In Confidence site, then click Open app. You will arrive on the Connect page.
2. Sign in with Google. Click Continue with Google and pick the account you want your vault tied to. We strongly recommend a personal Google account, not a shared work one. Approve the app data folder permission when Google asks.
3. Pick a password. The form requires twelve characters as an absolute minimum. We strongly recommend a passphrase made of four unrelated words rather than a short complicated password. Length is what makes a password resistant to guessing. Something like harbour candle willow argent is far stronger than P@ssw0rd! and easier to type accurately. The first time you submit, Chrome and Safari will offer to save the password; we strongly recommend accepting. Then write it down somewhere physical too, like a sealed note in a drawer at home.
If a vault for this Google account already exists (for example, you set up the app on another device first), Google sign-in will detect it and the screen will ask you for the password instead of having you choose a new one. Enter the password you used originally. Your notes appear, decrypted on this new device.
4. Vault is created. When you click Create my vault, the app encrypts a fresh empty vault inside your browser, then uploads the encrypted blob to that hidden folder of your Drive. This takes a few seconds.
5. Set up Drive Backup (recommended). A new step now appears asking you to also set up Drive Backup. This is a separate Google permission (the drive.file scope) that lets the app save self-decrypting backup files to a visible folder of your Drive every seven days. It is your safety net for the case where this website ever goes offline; the hidden Drive Sync file cannot be opened on its own without our website, but Drive Backup files can. Click Continue with Google to set this up too.
If you would rather defer this, click Skip. The app will not block you from entering data, but a persistent reminder will appear at the top of every page until you set Drive Backup up from Advanced > Backup. We strongly recommend doing it now.
6. You are in. A short welcome dialog appears explaining how local backups work. Read it. It tells you that the app is about to download your first local backup file to your computer's Downloads folder. Click Got it, continue. The first backup downloads, the dashboard opens, and you are ready to add your first client.
A 30-second move that doubles your safety net
Drive Sync keeps the vault current across your devices. Drive Backup writes self-decrypting copies to a visible Drive folder every seven days. The third copy, the manual local backup file, lives on your computer's Downloads folder. If your computer dies, those local backup files die with it.
The simplest way to never lose a local backup, with no extra effort from you, is to point your browser's Downloads folder at a folder that already syncs to the cloud. If you already use OneDrive, iCloud Drive, Dropbox, or Drive on your computer, you almost certainly have such a folder. Pointing Downloads there means every backup you ever take ends up safely off your device automatically.
The setting is in your browser's preferences. In Chrome, Settings > Downloads, click Change next to Location, and pick a folder inside your synced cloud folder. In Edge, Settings > Downloads > Location > Change. In Firefox, Settings > Files and Applications > Save files to. In Safari, Settings > General > File download location.
Backups are encrypted with your password, so even if your cloud provider's staff could see the file (which is not how iCloud or Dropbox work in most cases), they could not read what is inside.
What happens straight after setup
You arrive on the dashboard. Two short prompts may appear: one asking whether you also work as a supervisor (which switches on a parallel supervision module), and one pointing out that you have no clients yet. Both have a "Do not show again" tickbox. Skip them for now if you like.
In the background, the encrypted vault has just been uploaded to your hidden Drive folder, ready to sync to your other devices when you sign in there.
What to do next
Add your first client. The article Add a client and write your first session note walks through the form and the Notes input page.
If you skipped Drive Backup, set it up now. Open Advanced > Backup, click Set up Drive Backup, and grant the second Google permission. The persistent reminder banner will then go away.
Take a moment to write your password down somewhere safe. We mean this. Belt and braces. A password manager you trust, a sealed envelope, anywhere you keep things you cannot afford to lose.