Nemosine
How it worksDownload
Menu

Legal

Privacy Policy

How Nemosine handles account data, encrypted sync content, subscriptions, support requests, and website contact messages.

1. Who is responsible for your data

Nemosine is operated by Nemosine AS (organisation number 937 091 567).

Nemosine AS is the data controller for the personal data described in this Privacy Policy unless this page says otherwise.

2. Scope

This Privacy Policy applies to:

  • the Nemosine website at nemosine.app
  • the Nemosine web and app experience at app.nemosine.app
  • cloud sync accounts, subscriptions, billing status, and support requests

This policy covers Nemosine's currently live production features. Google Calendar integrations and AI features are not currently offered as live production services.

3. Data we collect

Depending on how you use Nemosine, we may process:

Account and authentication data

  • email address
  • user ID and account identifiers
  • authentication and session status data

User content

  • thought titles
  • thought bodies and related synced content
  • synced media attachments
  • synced settings and other user-created data

Nemosine is a general-purpose notes product. Because you control what you write, your content may include sensitive or special-category personal data. We do not ask for that information specifically, but if you choose to store it, we will process it only to provide the service you requested.

Sync metadata and technical data

  • row IDs, table names, versions, timestamps, and deletion flags
  • randomly generated device identifiers used for sync conflict resolution and ordering
  • storage usage, traffic usage, request counts, and sync status
  • app version, client platform, and technical error data only if you choose to submit an error report; those reports do not include note contents or synced thought bodies

Subscription and transaction data

  • subscription plan, status, renewal state, and entitlement status
  • transaction IDs and subscription IDs from Stripe, Apple, or Google
  • billing currency, amount, taxes, fees, and subscription period dates

We do not store full payment card numbers in Nemosine systems.

Website and support data

  • website request logs and technical security data handled by our hosting providers
  • contact form submissions, including name, email, company, and message
  • support correspondence you send to us

4. How we use personal data

We use personal data to:

  • create and operate your account
  • authenticate you and keep the service secure
  • store and sync encrypted content across your devices when you enable cloud sync
  • provide subscriptions, billing status, and entitlement checks
  • monitor reliability, capacity, bandwidth, storage usage, and abuse
  • provide customer support and respond to legal or regulatory obligations
  • maintain aggregated, non-identifiable product KPI reporting

We do not sell your notes, and we do not use synced thought content for advertising or model training.

5. Lawful bases under GDPR

If you are in the EEA, Norway, or the UK, we rely on these lawful bases:

  • Contract: to create your account, authenticate you, provide cloud sync, provide subscriptions, and respond to support requests related to the service
  • Legitimate interests: to secure the service, prevent abuse, troubleshoot problems, measure storage/bandwidth usage, plan capacity, and keep internal aggregated KPI reporting
  • Legal obligation: to retain records required by accounting, tax, consumer, fraud, or other applicable law
  • Consent: only where consent is specifically required by law, for example if we later add optional non-essential cookies or comparable tracking technologies

6. Encryption and what "end-to-end encrypted" means in Nemosine

Nemosine is designed to be local-first. If you do not enable cloud sync, your content stays on your device.

When you enable cloud sync:

  • thought content and synced media are encrypted on your device before upload
  • your login password is separate from your sync encryption password
  • Nemosine cannot read the encrypted synced content without the sync encryption password

However, not all metadata is end-to-end encrypted. To make authentication and cross-device sync work, the server can still process some metadata such as:

  • account identifiers
  • sync row and table identifiers
  • timestamps
  • randomly generated device identifiers used by the sync algorithm as anonymous technical metrics
  • row versions and deletion markers
  • storage and traffic counters

Technical error data is only sent if you choose to submit an error report, and those reports do not include note contents or synced thought bodies.

So the accurate description is: Nemosine provides end-to-end encryption for synced content, but not for all sync metadata.

If you lose your sync encryption password, some synced cloud content may become unrecoverable.

7. Service providers and disclosures

We share data only where needed to run the service or comply with law. Current providers include:

  • Supabase for authentication, database, and encrypted sync storage
  • Vercel for website hosting and website request handling
  • Formspree for website contact form handling
  • Stripe for web subscription payments
  • Apple and Google for in-app subscription payments and billing events

Apple, Google, and Stripe also apply their own privacy terms to data they process on their own behalf.

We may also disclose personal data:

  • if required by law, court order, or valid government request
  • to establish, exercise, or defend legal claims
  • in connection with a merger, acquisition, financing, or asset transfer, subject to applicable confidentiality and legal requirements

8. International transfers

Our providers may process personal data outside Norway or the EEA, including in countries that may not have the same level of legal protection.

When that happens, we rely on applicable transfer mechanisms such as:

  • adequacy decisions
  • the European Commission's Standard Contractual Clauses
  • additional contractual, technical, and organisational safeguards where appropriate

9. Retention

We keep personal data for as long as needed for the purposes described above.

In general:

  • active account and cloud-sync data are retained while your account remains active
  • we may delete cloud account data if the account has been inactive for 2 years
  • for paid subscriptions, we normally keep cloud data while the subscription or account remains active
  • free accounts that stay inactive for more than 2 years may have cloud data removed
  • deleting cloud data does not automatically delete local copies stored on your own devices
  • billing and accounting records may be kept longer where required by law
  • de-identified or aggregated statistics that do not reasonably identify you may be kept after account deletion

10. Your rights

If GDPR or similar privacy laws apply to you, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion of your data
  • restrict or object to certain processing
  • receive a portable copy of data you provided to us
  • withdraw consent where processing is based on consent
  • complain to your local supervisory authority

If you are in Norway, you can complain to Datatilsynet.

If you are in certain US states, you may also have rights to know, access, correct, delete, and appeal certain decisions about personal data processing. Nemosine does not currently sell personal information or share it for cross-context behavioural advertising.

To exercise rights, contact support@nemosine.app. We may ask for information needed to verify your identity before acting on a request.

11. Children's privacy

Nemosine is a general-audience product and is not directed to children under 13. We do not knowingly collect personal data from children under 13 for cloud-sync accounts or subscriptions. If you believe a child under 13 has provided personal data to us, contact support@nemosine.app and we will investigate.

If you are under the age required to enter into a binding contract where you live, do not buy a subscription unless your parent or legal guardian is involved.

12. Cookies, local storage, and website technologies

Nemosine does not currently use advertising cookies or third-party behavioural tracking on the public website.

We may still use:

  • necessary website request logs and security tooling through our hosting providers
  • essential browser storage or app-side local storage to make the website or app work
  • secure device storage inside the app for account and sync-related settings

If we later add optional analytics, marketing cookies, or similar technologies that require consent, we will update this Privacy Policy and request consent where required.

13. Security

We use technical and organisational measures designed to protect personal data, including encryption in transit, on-device encryption for synced content, access controls, and least-privilege service design. No system is perfectly secure, so we cannot guarantee absolute security.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make a material change, we may notify users through the website, the app, or the account email address on file, depending on the nature of the change.

15. Contact

For privacy questions, support requests, or legal notices related to privacy, contact:

Nemosine AS
Org. no. 937 091 567
Vestre Furmyrveg 26, 6017 Aalesund, Norway
support@nemosine.app