🔐 Security & Privacy

Zero-knowledge encryption means your notes are encrypted before they ever leave your device. Not even Nevernote can read your notes.

🛡️ What is Zero-Knowledge Encryption?

Your Data, Your Key

Zero-Knowledge
🔑
Your Passphrase
NEVER LEAVES BROWSER
  • You create a passphrase
  • Derives 256-bit AES key
  • Stored only in memory
Encrypts
📝
Your Notes
ENCRYPTED
  • Encrypted before upload
  • Server stores ciphertext
  • We can't decrypt

The server never sees your passphrase or plaintext notes. If you forget your passphrase, we cannot recover your data.

🔒 Encryption Technical Details

Key Derivation (PBKDF2)

Your passphrase is combined with a random salt using PBKDF2 with 100,000 iterations. This produces a 256-bit AES key. The salt is stored on the server, but without your passphrase, it's useless.

Symmetric Encryption (AES-256-GCM)

Notes are encrypted with AES-256-GCM, an authenticated encryption mode that provides both confidentiality and integrity. Each encryption uses a random 12-byte IV.

Web Crypto API

All cryptographic operations use the browser's native crypto.subtle API. No external crypto libraries. Runs in a secure context (HTTPS only).

Fresh IV Per Encryption

Every time a note is saved, a new random Initialization Vector (IV) is generated. This ensures identical plaintext produces different ciphertext.

📦 What Gets Encrypted?

Encrypted (Client-Side)

  • Note titles and content
  • Folder names and structure
  • Images and attachments
  • AI summaries and keywords
  • Version history snapshots
  • Search index
  • Contacts data
  • Your AI API key (if provided)

⚠️ Not Encrypted (Metadata)

  • Note IDs (random UUIDs)
  • Timestamps (created/updated)
  • Content hashes (for sync)
  • Your email (for auth)
  • PBKDF2 salt
  • Geo-location (if enabled)

Metadata is required for sync and authentication. It doesn't reveal note contents.

💾 Encrypted Data Structure

How Notes Are Stored

📦 Encrypted Note Record

{
  "id": "note_abc123def456",
  "encrypted": {
    "iv": "Ek9mR2hKbFN...",        // 12-byte random IV (base64)
    "ciphertext": "U2FsdGVkX1..."  // AES-256-GCM ciphertext
  },
  "hash": "a1b2c3d4e5f6...",          // SHA-256 first 16 chars (for sync)
  "updatedAt": "2026-01-04T10:30:00Z",
  "folderId": "folder_xyz789"        // Unencrypted for indexing
}

The encrypted object contains both the IV and ciphertext. To decrypt, you need the IV, ciphertext, and your derived AES key (from passphrase + salt).

📂 Server Storage Structure

🖥️ Nevernote Server (data/{userHash}/)

📁 notes/
  ├── {noteId}.json [ENCRYPTED]
  └── ...
📁 history/
  ├── {noteId}.json [ENCRYPTED]
  └── ... // version snapshots
📁 ai_summaries/
  ├── {noteId}.json [ENCRYPTED]
  └── folders/{folderId}.json
📄 folders.json [ENCRYPTED]
📄 search-index.json [ENCRYPTED]
📄 contacts.json [ENCRYPTED]
📄 salt.txt // PBKDF2 salt only

💻 Browser IndexedDB (nevernote-cache)

📦 notes [ENCRYPTED]
  ├── id, encrypted, dirty, hash
  └── ...
📦 folders [ENCRYPTED]
📦 searchIndex [ENCRYPTED]
📦 sync
  ├── pageToken
  ├── lastFullSync
  └── provider
📦 pendingOps // offline queue

🔑 Authentication Security

🔵 Google OAuth

ID tokens verified using Google's OAuth2Client library. Nevernote is a Google-verified application with no security warnings.

🔷 Microsoft OAuth

ID tokens verified using JWKS (JSON Web Key Set) from Microsoft's discovery endpoint.

🍎 Apple Sign-In

ID tokens verified using Apple's JWKS. Supports "Hide My Email" for additional privacy.

🔗 Account Linking

Link multiple OAuth providers (Google, Microsoft, Apple) to the same Nevernote account. One passphrase, multiple sign-in options.

  • Single encryption key: Your passphrase works regardless of how you sign in
  • Email matching: If you sign in with a new provider using the same email, we'll offer to link accounts
  • Unlink protection: You must keep at least one sign-in method active

🕵️ Privacy Practices

✅ What We Do

  • • Encrypt all note content client-side
  • • Use zero-knowledge architecture
  • • Let you choose your storage provider
  • • Provide open documentation
  • • Minimize data collection

⛔ What We Don't Do

  • • Read or analyze your notes
  • • Sell your data to third parties
  • • Show you ads
  • • Track your behavior for marketing
  • • Store your passphrase

❓ Security FAQ

What if I forget my passphrase?

We cannot recover your data. This is the trade-off of zero-knowledge encryption. We recommend using a password manager to store your passphrase.

Can Nevernote read my notes?

No. Your notes are encrypted before leaving your browser. We only store ciphertext. Without your passphrase, the data is unreadable.

What about AI features?

AI processing (summaries, transcription) sends data to Google Gemini in plaintext. This is optional and clearly marked. The AI results are then encrypted before storage.

Is the code open source?

Not currently, but our encryption implementation uses standard Web Crypto APIs and well-documented algorithms. We're transparent about our security architecture.