Privacy Policy
Last updated: December 24, 2024
🔐 Zero-Knowledge Encryption
Nevernote is designed with privacy at its core. Your notes are encrypted on your device before being stored. We cannot read your notes, and we never will. Your encryption passphrase never leaves your browser.
1. Information We Collect
1.1 Account Information
When you sign in, we receive basic profile information from your authentication provider:
- Email address
- Display name
- Profile picture URL
This information is used solely to identify your account and personalize your experience.
1.2 Encrypted Data
Your notes, folders, and attachments are encrypted on your device using your personal passphrase before being transmitted to our servers. We store:
- Encrypted note content (unreadable without your passphrase)
- Encrypted folder structure
- Encrypted file attachments
- A cryptographic salt (used to derive your encryption key)
1.3 What We Cannot Access
- Your encryption passphrase
- The plaintext content of your notes
- Your decrypted attachments
- Any unencrypted user content
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Email address | Account identification, important notifications |
| Display name | Personalization within the app |
| Encrypted data | Storage and synchronization across your devices |
3. Third-Party Services
3.1 Authentication Providers
We use the following services for authentication:
- Google Sign-In - Subject to Google's Privacy Policy
- Microsoft Sign-In - Subject to Microsoft's Privacy Statement
- Apple Sign-In - Subject to Apple's Privacy Policy
3.2 Optional Google Drive Storage
If you choose to store your encrypted data on Google Drive instead of our servers, your encrypted files are subject to Google's terms and privacy policy. The data remains encrypted.
3.3 AI Features
AI features are powered by Google Gemini. Your data may be processed by:
- Google Gemini API - Subject to Google's Privacy Policy
- AI processing uses a free Nevernote-provided key or your own API key
- Note content is sent to the AI for analysis directly from your browser
4. Data Storage & Security
- All data is encrypted using AES-256-GCM before leaving your device
- Data is transmitted over HTTPS/TLS
- We use secure, European-based hosting
- We do not share, sell, or rent your data to third parties
5. Data Retention
Your encrypted data is retained until you delete it or delete your account. When you delete your account:
- All your encrypted notes are permanently deleted
- All your encrypted attachments are permanently deleted
- Your account information is removed from our systems
- This process is irreversible
6. Your Rights
You have the right to:
- Access - View all data associated with your account
- Export - Download your notes (decrypted on your device)
- Delete - Permanently delete your account and all data
- Portability - Export your data in standard formats
7. Cookies & Local Storage
We use browser local storage for:
- Session authentication tokens
- User preferences (theme, settings)
- Cached encryption keys (never transmitted)
We do not use tracking cookies or analytics that identify individual users.
8. Children's Privacy
Nevernote is not intended for children under 13. We do not knowingly collect information from children under 13.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice in the app.
10. Contact Us
For privacy-related questions or concerns, contact us at:
Email: privacy@nevernote.ie
← Back to Nevernote