The RC2 thing from the disclosure is really, really weird. It makes Evernote the only app built in the last 10 years that I am aware of to build on RC2. I wonder whether it's a mistake, and they're actually using RC4 with truncated keys or something.
"For Evernote's consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow."
I guess Evernote's been around for a while, but wasn't it way back in 2010 that the BIS allowed simple self service registration and annual self classification of almost all "mass market" use of crypto?
International regulations are pretty insane. For example, France requires you to submit your software to them for review that's supposed to take up to 2 weeks. This isn't just for product releases, it includes everything, including patches.
Apple, MS and Google can get away with it because they have large legal teams that help them with all the various rules and regulations. For smaller companies, it's simply too massive to bother taking more than an off-the-shelf solution.
I know the CEO is a security guy and worked with Defense Department stuff. I think it's one of those things where you feel so comfortable with something that you make choices others don't because, come on, you're a startup.