1. Controller and contact
For GDPR purposes, the controller is:
Nemosine AS
Org. no. 937 091 567
Vestre Furmyrveg 26, 6017 Aalesund, Norway
support@nemosine.app
Nemosine has not currently appointed a separate data protection officer. Privacy questions should be sent to the contact above.
2. What processing this page covers
This page summarises GDPR-relevant processing for Nemosine's currently live service, including:
- account creation and authentication
- optional encrypted cloud sync
- subscriptions and billing status
- support and website contact requests
- operational metrics for reliability, capacity, storage, and bandwidth planning
Google Calendar and AI features are not currently offered as live production services and are therefore not part of the current production processing scope.
3. Main categories of personal data
Nemosine may process:
- identifiers such as email address and user ID
- user-generated content you choose to store or sync
- sync metadata such as timestamps, row IDs, versions, and randomly generated device IDs used by the sync algorithm
- usage counters such as storage, ingress, egress, read/write requests, and session totals
- technical error data only if you choose to submit an error report, without note contents or synced thought bodies
- subscription and transaction metadata
- support and contact-form information
4. Lawful bases
For EEA, Norwegian, and UK users, Nemosine generally relies on:
- Article 6(1)(b) contract for account creation, authentication, cloud sync, subscriptions, and support connected to the service
- Article 6(1)(f) legitimate interests for service security, abuse prevention, troubleshooting, operational metrics, capacity planning, and internal aggregated KPI reporting
- Article 6(1)(c) legal obligation where records must be retained under accounting, tax, consumer, or other applicable law
- Article 6(1)(a) consent only where consent is specifically required, such as any future optional non-essential cookies or comparable tracking
5. Encrypted sync and metadata
If you enable cloud sync, synced thought content and synced media are encrypted on your device before upload.
However, not all metadata is encrypted end-to-end. To provide authentication and sync, Nemosine still processes technical metadata such as:
- account identifiers
- timestamps
- sync row and table identifiers
- row versions and deletion markers
- randomly generated device identifiers used by the sync algorithm as anonymous technical metrics
- usage and quota counters
Technical error data is only sent if you choose to submit an error report, and those reports do not include note contents or synced thought bodies.
Nemosine therefore provides end-to-end encryption for synced content, but not for all sync metadata.
6. Recipients and international transfers
Nemosine uses service providers including Supabase, Vercel, Formspree, Stripe, Apple, and Google, depending on the feature you use.
Where personal data is transferred outside the EEA or Norway, Nemosine relies on applicable legal transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, and supplementary safeguards where appropriate.
7. Retention
In general:
- account and cloud data are retained while the account remains active
- cloud data may be deleted after 2 years of inactivity
- paid accounts normally retain cloud data while the subscription or account remains active
- local copies on your devices are not automatically deleted when cloud data is deleted
- legal and accounting records may be retained longer where required
- de-identified or aggregated statistics may be retained after account deletion
8. Your GDPR rights
Subject to GDPR and applicable exceptions, you may have the right to:
- access
- rectification
- erasure
- restriction
- objection
- portability
- withdraw consent where processing is based on consent
You also have the right to complain to a supervisory authority. In Norway, that authority is Datatilsynet.
Requests may be sent to support@nemosine.app. We may request information needed to confirm your identity before acting on a request.