Also it uses your follow list by default for deciding who can read your notes, but if you want to do a custom list you can easily achieve that by publishing a custom kind:3 follow list to Lockbox specifically (using a "-" tag so it won't get spreaded to other relays) and then Lockbox will read from that custom list.