Privacy Policy - Nevernote | Zero-Knowledge Encryption & Data Protection

🔐 Zero-Knowledge Encryption

Nevernote is designed with privacy at its core. Your notes are encrypted on your device before being stored. We cannot read your notes, and we never will. Your encryption passphrase never leaves your browser.

1. Information We Collect

1.1 Account Information

When you sign in, we receive basic profile information from your authentication provider:

Email address
Display name
Profile picture URL

This information is used solely to identify your account and personalize your experience.

1.2 Encrypted Data

Your notes, folders, and attachments are encrypted on your device using your personal passphrase before being transmitted to our servers. We store:

Encrypted note content (unreadable without your passphrase)
Encrypted folder structure
Encrypted file attachments
A cryptographic salt (used to derive your encryption key)

1.3 What We Cannot Access

Your encryption passphrase
The plaintext content of your notes
Your decrypted attachments
Any unencrypted user content

2. How We Use Your Information

Data	Purpose
Email address	Account identification, important notifications
Display name	Personalization within the app
Encrypted data	Storage and synchronization across your devices

3. Third-Party Services

3.1 Authentication Providers

We use the following services for authentication:

Google Sign-In - Subject to Google's Privacy Policy
Microsoft Sign-In - Subject to Microsoft's Privacy Statement
Apple Sign-In - Subject to Apple's Privacy Policy

3.2 Optional Google Drive Storage

If you choose to store your encrypted data on Google Drive instead of our servers, your encrypted files are subject to Google's terms and privacy policy. The data remains encrypted.

3.3 AI Features

AI features are powered by Google Gemini. Your data may be processed by:

Google Gemini API - Subject to Google's Privacy Policy
AI processing uses a free Nevernote-provided key or your own API key
Note content is sent to the AI for analysis directly from your browser

4. Device Permissions

Nevernote may request the following device permissions to enable certain features:

4.1 Microphone (RECORD_AUDIO)

Used for the voice notes feature, allowing you to record audio directly into your notes. Audio recordings are:

Encrypted on your device before storage
Never transmitted unencrypted
Never accessed by Nevernote staff
Deleted when you delete the associated note

This permission is only used when you explicitly tap the microphone button to record a voice note.

4.2 Location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION)

Optional permission for geotagging notes. When enabled, your location is:

Only captured when you create or edit a note
Encrypted along with your note content
Never shared with third parties

4.3 Storage (READ_EXTERNAL_STORAGE)

Used on older Android versions (12 and below) to attach files and images to your notes. On Android 13+, no storage permission is needed as the system Photo Picker is used. Accessed files are encrypted before upload.

5. Data Storage & Security

All data is encrypted using AES-256-GCM before leaving your device
Data is transmitted over HTTPS/TLS
We use secure, European-based hosting
We do not share, sell, or rent your data to third parties

6. Data Retention

Your encrypted data is retained until you delete it or delete your account. When you delete your account:

All your encrypted notes are permanently deleted
All your encrypted attachments are permanently deleted
Your account information is removed from our systems
This process is irreversible

7. Your Rights

You have the right to:

Access - View all data associated with your account
Export - Download your notes (decrypted on your device)
Delete - Permanently delete your account and all data (Delete my data)
Portability - Export your data in standard formats

🗑️ Right to Erasure (GDPR Article 17)

You can delete all your data at any time from Settings → Developer → "Forget Everything", or visit our data deletion page for more options.

8. Cookies & Local Storage

We use browser local storage for:

Session authentication tokens
User preferences (theme, settings)
Cached encryption keys (never transmitted)

We do not use tracking cookies or analytics that identify individual users.

9. Children's Privacy

Nevernote is not intended for children under 13. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice in the app.

11. Contact Us

For privacy-related questions or concerns, contact us at:

Email: privacy@nevernote.ie

← Back to Nevernote