the source code is made public and your notes/database are encrypted by default. You can even sync locally from your phone/laptop without internet.
The only two negatives I have found are that the mobile app has 1 tracker embedded into it (amplitude) and you dont have a choice about your encrypted data syncing to their servers.
if you have the option, set: https://beacondb.net/