@favu - thanks for your comments and links to Reddit; following another link there, leads to:
In terms of data secruity [sic], we use SSL everywhere, run 100% on AWS behind a VPC (based in US West, Oregon), with the database encrypted at rest. Everybody on the team follows the necessary security hygiene and Cloudtrail is turned on at all times."
That sounds reassuring, but why in the world is the domain country code for Notion .so?
As to TheBrain web cloud, I searched to find this: https://www.thebrain.com/about/legal/privacy/ , and find this in particular: "To ensure the highest level of protection of the information you disclose to TheBrain, we recommend that you not disclose any sensitive personal information about yourself to TheBrain."
Because I've used TB for so many years, and feel I've come to know key individuals, at least indirectly, I've developed a level of trust, somewhat unquestioningly, and nothing has raised any alerts. But, I think I probably haven't put any directly "sensitive personal information" into TB. That isn't so true of Evernote, although even there, I avoid putting some information into it.
With the state of affairs in internet security being what it is, where major corporations, banks, cities, political parties, etc. have all been breached and millions of peoples' data stolen, or encrypted for ransom, for sale and criminal use, an individual would seem to have little chance to avoid being violated, except to keep everything possible off the internet, and not even to connect to the internet. I use the best security protection I can find on my computer and mobile (Apple) devices, and do my best to avoid the phishing emails, etc. Every click on a link, even here in the Forums, is some risk that it will go somewhere nefarious.
I put very little on Facebook or Twitter, but somewhat more on LinkedIn. I pay two external security services to monitor my accounts for misuse.
I backup my computer to the cloud, because I've learned the hard way that backing up to an external hard drive doesn't mean it is going to be there when I need it; but again, when I backup the whole computer to the cloud, I am potentially exposed if the encryption fails or something else goes wrong. Nevertheless, my computer is a system that I've been building up since the 80's, and to start over from scratch would be essentially an impossible task, even if some of the data is stored in the cloud at places like Dropbox, et al.
It is a Sword of Damocles that hangs over anything personal or useful put on the internet or stored digitally anyplace.