This is free, open-source software. That matters more here than it would for most tools - if you're trusting something to protect your identity and your work, you shouldn't have to just take our word for it.
The complete source code is public on GitHub. Anyone - you, a security researcher, a journalist's own IT team - can read exactly how it works, verify the claims made on the Before You Begin page, and confirm nothing in the code does anything other than what's described.
Licensed under the GNU General Public License v2 (GPLv2). Copyright Paul Kruger.
This isn't a hosted platform with one central database of everyone's notebooks - it's software meant to be run by individual journalists, newsrooms, or organizations on their own server. That's a deliberate design choice: there's no single point that holds everyone's data, and no single point that could ever be compelled to hand it over.
Trust is the whole point of a tool like this. Asking journalists working under real risk to hand over their research to a closed-source, paid product from an unfamiliar operator is a hard and reasonable thing to be skeptical of. Being free and open removes that barrier - you can verify it yourself, or have someone you trust verify it for you, instead of just taking our word for it.