Is Némos private?
Updated May 14, 2026
Privacy is a first-class design constraint of Némos, not a marketing claim. Here's the architecture in detail.
1. No Némos servers
Némos has no servers. There is no nemosapp.com API endpoint that receives your content. All processing happens on:
- Your iPhone, iPad, Apple Watch, or Mac.
- Apple's CloudKit infrastructure (for sync only).
This means Némos *cannot* read your notes, screenshots, or voice memos — there's no technical path for our team to access them.
2. On-device AI only
Némos uses Apple Foundation Models for:
- Auto-tagging
- Summarization
- Semantic search
- Recipe / receipt classification
- Voice memo transcription
- OCR
All of this runs on your device's Neural Engine. No request ever goes to OpenAI, Anthropic, Google, or Apple's Private Cloud Compute (PCC). Your content never leaves your device for AI processing.
3. CloudKit sync
When you have multiple devices, Némos uses Apple's CloudKit to sync between them. CloudKit:
- Encrypts data in transit (TLS 1.3).
- Encrypts data at rest in iCloud.
- With Advanced Data Protection (ADP) enabled on your Apple account, sync is end-to-end encrypted — even Apple cannot decrypt your data.
- Without ADP, Apple holds the encryption keys but does not routinely read your content.
To enable ADP: Settings → [Your Name] → iCloud → Advanced Data Protection → Turn On.
4. No analytics on content
Némos uses anonymized telemetry for crash reports and performance metrics. This includes:
- App version
- Anonymized device model (e.g., "iPhone 15 Pro", not your serial number)
- Crash reports (which never include note content)
- General usage counters ("user created N notes this week" — never the content)
Telemetry is opt-out via Settings → Privacy → Analytics.
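A fail-closed allow-list is one way to enforce a "metadata only" telemetry policy like the one listed above. This is an added example, not Némos's code; the field names, formats and the sample event are assumptions constructed for illustration.

```python
import re

SYMBOL = re.compile(r"[A-Za-z_][\w.:()]{0,80}")

# Allow-list mirroring the telemetry categories listed above.
# Anything not named here is dropped, so new fields cannot leak by default.
SCHEMA = {
    "app_version": lambda v: isinstance(v, str)
        and re.fullmatch(r"\d+(\.\d+){1,2}", v),
    # Marketing model name only; a serial-like string does not match.
    "device_model": lambda v: isinstance(v, str)
        and re.fullmatch(r"(iPhone|iPad|Watch|Mac)[\w ]{0,24}", v),
    # Counters must be integers, so free text cannot ride along as a "count".
    "counters": lambda v: isinstance(v, dict) and all(
        isinstance(k, str) and re.fullmatch(r"[a-z_]{1,32}", k)
        and isinstance(n, int) and not isinstance(n, bool)
        for k, n in v.items()),
}

def scrub_crash(crash):
    """Keep exception type and symbol names; drop the message, which may quote user data."""
    if not isinstance(crash, dict):
        return None
    etype = crash.get("type")
    if not (isinstance(etype, str) and SYMBOL.fullmatch(etype)):
        return None
    frames = [f for f in crash.get("frames", [])
              if isinstance(f, str) and SYMBOL.fullmatch(f)]
    return {"type": etype, "frames": frames}

def scrub_event(event):
    """Return (clean_event, dropped_keys); unknown or malformed fields are dropped."""
    clean, dropped = {}, []
    for key, value in event.items():
        if key == "crash":
            crash = scrub_crash(value)
            if crash:
                clean["crash"] = crash
            else:
                dropped.append(key)
        elif key in SCHEMA and SCHEMA[key](value):
            clean[key] = value
        else:
            dropped.append(key)
    return clean, sorted(dropped)

# Constructed sample: a crash whose message quotes a note title.
SAMPLE = {
    "app_version": "2.4.1", "device_model": "iPhone 15 Pro",
    "serial": "F2LXK0ABCD12", "note_title": "Tax documents 2025",
    "counters": {"notes_created": 7},
    "crash": {"type": "NSInvalidArgumentException",
              "message": "could not index note 'Tax documents 2025'",
              "frames": ["NoteIndexer.index(_:)", "SyncEngine.push()"]},
}
```

The exception message is the usual place where content slips into a crash report, which is why the scrubber keeps only the type and symbol names.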
5. No third-party SDKs
Némos doesn't include Facebook SDK, Google Analytics, AppsFlyer, Adjust, Branch, or any other tracking SDK. The only third-party code in Némos is open-source libraries (RevenueCat for subscriptions, Sentry for crash reports) configured to never receive content.
6. Share Extension privacy
When you save something from another app via Share Sheet:
- The content stays on-device.
- No upload occurs except to CloudKit (if sync is on).
- We never see the URL, image, or text you're sharing.
7. Voice memo privacy
Voice memos are recorded to local storage. Transcription uses Apple's on-device Speech framework. The audio file and transcript are encrypted on iCloud (with or without ADP). At no point does the audio leave your device or your iCloud account.
8. Screenshot privacy
Screenshots are imported via the Photos framework. OCR uses Apple Vision on-device. Image classification (recipe/receipt/map/etc) uses on-device ML. The screenshot bytes never leave your device.
9. Compared to competitors:
| App | E2E encrypted | On-device AI | Sells data |
|---|---|---|---|
| Notion | No | No | No (per policy) |
| Evernote | No | No | History of breaches |
| Mem | No | No | No |
| Apple Notes | With ADP | Partial (on-device + PCC) | No |
| Obsidian (local-only) | N/A (no sync) | No | No |
| Bear | With ADP | No | No |
| Némos | With ADP | Yes (fully on-device) | No |
10. The threat models we protect against:
✓ Cloud provider data breach (Notion, Evernote, Mem have all been breached).
✓ Cloud provider employee access (Notion staff can technically read your notes).
✓ AI provider training (OpenAI / Anthropic / Google won't see your data).
✓ Legal compulsion (with ADP, Apple cannot decrypt your data even with subpoena).
✓ Network surveillance (TLS + on-device processing means there's nothing to intercept).
✓ Device theft (FileVault / device passcode protects local data).
What Némos doesn't protect against:
- Forensic device access by someone with physical possession + your passcode.
- Targeted government attacks on your device (no app can fully protect against this).
- Misconfigured iCloud (e.g., sharing a note publicly and forgetting).
Bottom line: Némos is among the most private note apps in 2026. The on-device-only AI architecture means even Apple's PCC doesn't see your data. If privacy is non-negotiable for you, Némos is built for you.
## Why this question gets asked so often
Privacy as a marketing claim is cheap; privacy as architectural commitment is rare. Most "privacy-focused" apps make claims that don't hold up under technical scrutiny — they encrypt in transit but not at rest, they have employee access to user content, they use third-party AI providers without disclosing the data flow. Users who've been burned (Evernote's 2016 "we can read your notes" disclosure, Notion's 2021 URL-guessing vulnerability, the 2023 LastPass breach) are skeptical of new privacy claims. The "is X actually private?" question reflects healthy skepticism. The challenge for users is that verifying privacy claims requires technical knowledge most don't have — security audits aren't routinely published, code isn't usually open-source, and "we don't read your data" is unfalsifiable from the user's side. The 2024 EU Cyber Resilience Act and California's SB-1001 are starting to add legal teeth to privacy claims, but enforcement is slow.
## The deeper story
Privacy architecture has three failure modes most apps hide: (1) cloud AI provider leakage — content sent to OpenAI/Anthropic/Google for processing, even with "no training" agreements; (2) telemetry leakage — third-party SDKs (Facebook, Mixpanel, Amplitude, AppsFlyer) that observe app behavior; (3) employee access — backend admins who can technically read content even if policies prohibit it. A truly private notes app addresses all three: on-device AI (no cloud LLM), no tracking SDKs, and either E2E encryption or open-source code that can be audited. The 2024 Matthew Green / Bruce Schneier critique of privacy claims emphasized that "privacy" is a technical property, not a marketing one — and asked apps to publish their architecture explicitly. Némos's architecture is intentionally documented in detail because the claims are verifiable: on-device AI uses Apple Foundation Models (verifiable in Xcode build outputs); no SDKs (verifiable in App Store privacy nutrition labels); CloudKit sync uses Apple's E2E encryption with ADP.
## Edge cases and gotchas
- Local backups unencrypted at rest: if you back up your iPhone to iTunes/Finder without encryption, your Némos data is included. Encrypt the backup.
- Shared notes drop E2E even with ADP: Apple's CloudKit shared-data model decrypts on Apple's servers for collaboration.
- iOS device forensics: with physical device access + your passcode, all encryption is moot. iPhone passcodes matter.
- Cellular sync: even on a cellular connection, sync goes through the same encrypted iCloud channel. No third-party visibility.
- Crash reports: Sentry crash reports never include content, but metadata (iOS version, device model, app version) is captured.
- Anti-cheat / DRM: Némos doesn't include any anti-cheat or DRM SDKs.
- Family Sharing for Pro: doesn't share content, only entitlement.
- Acquisition continuity: in case of acquisition, shareholder agreement requires continuing privacy commitments.
## What competitors say
Apple Notes with ADP is comparable for storage but uses PCC for some AI features. Standard Notes is zero-knowledge — even Standard Notes can't read your content. Obsidian local-only is the privacy maximalist option (no sync surface). Joplin with E2E sync is open-source and audited. Notesnook is zero-knowledge like Standard Notes. Bear uses iCloud (same Apple infra as Notes). Notion is unencrypted at rest. Evernote has had multiple breaches. Mem is cloud-only with no E2E. Reflect Notes has E2E but cloud AI. Capacities is cloud-first. Tana is cloud-first. Roam is cloud-first. Apple Notes with Advanced Data Protection is the most-private mainstream option; Némos extends that by also using only on-device AI.
## The 2026 verdict
Privacy is a spectrum, not a binary. Different threat models warrant different choices. For typical users worried about ad targeting, cloud breaches, and AI training: any app with on-device AI + E2E sync (Apple Notes + ADP, Némos, Bear + ADP) is enough. For sensitive professionals (journalists, lawyers, therapists): add zero-knowledge encryption (Standard Notes, Notesnook) or local-only (Obsidian). For extreme threat models (sources, dissidents): air-gapped devices and physical security matter more than app choice. The single highest-impact privacy change most users can make is enabling Advanced Data Protection on iCloud — it takes 90 seconds and protects all Apple apps simultaneously.