Is Némos private?

Privacy is a first-class design constraint of Némos, not a marketing claim. Here's the architecture in detail.

1. No Némos servers

Némos has no servers. There is no nemosapp.com API endpoint that receives your content. All processing happens on:

• Your iPhone, iPad, Apple Watch, or Mac.
• Apple's CloudKit infrastructure (for sync only).

This means Némos *cannot* read your notes, screenshots, or voice memos — there's no technical path for our team to access them.

2. On-device AI only

Némos uses Apple Foundation Models for:

• Auto-tagging
• Summarization
• Semantic search
• Recipe / receipt classification
• Voice memo transcription
• OCR

All of this runs on your device's Neural Engine. No request ever goes to OpenAI, Anthropic, Google, or Apple's Private Cloud Compute (PCC). Your content never leaves your device for AI processing.

3. CloudKit sync

When you have multiple devices, Némos uses Apple's CloudKit to sync between them. CloudKit:

• Encrypts data in transit (TLS 1.3).
• Encrypts data at rest in iCloud.
• With Advanced Data Protection (ADP) enabled on your Apple account, sync is end-to-end encrypted — even Apple cannot decrypt your data.
• Without ADP, Apple holds the encryption keys but does not routinely read your content.

To enable ADP: Settings → [Your Name] → iCloud → Advanced Data Protection → Turn On.

4. No analytics on content

Némos uses anonymized telemetry for crash reports and performance metrics. This includes:

• App version
• Anonymized device model (e.g. "iPhone 15 Pro" not your serial number)
• Crash reports (which never include note content)
• General usage counters ("user created N notes this week" — never the content)

Telemetry is opt-out via Settings → Privacy → Analytics.

5. No third-party SDKs

Némos doesn't include Facebook SDK, Google Analytics, AppsFlyer, Adjust, Branch, or any other tracking SDK. The only third-party code in Némos is open-source libraries (RevenueCat for subscriptions, Sentry for crash reports) configured to never receive content.

6. Share Extension privacy

When you save something from another app via Share Sheet:

• The content stays on-device.
• No upload occurs except to CloudKit (if sync is on).
• We never see the URL, image, or text you're sharing.

7. Voice memo privacy

Voice memos are recorded to local storage. Transcription uses Apple's on-device Speech framework. The audio file and transcript are encrypted on iCloud (with or without ADP). At no point does the audio leave your device or your iCloud account.

8. Screenshot privacy

Screenshots are imported via the Photos framework. OCR uses Apple Vision on-device. Image classification (recipe/receipt/map/etc) uses on-device ML. The screenshot bytes never leave your device.

9. Compared to competitors:

10. The threat models we protect against:

✓ Cloud provider data breach (Notion, Evernote, Mem have all been breached).

✓ Cloud provider employee access (Notion staff can technically read your notes).

✓ AI provider training (OpenAI / Anthropic / Google won't see your data).

✓ Legal compulsion (with ADP, Apple cannot decrypt your data even with subpoena).

✓ Network surveillance (TLS + on-device processing means there's nothing to intercept).

✓ Device theft (FileVault / device passcode protects local data).

What Némos doesn't protect against:

• Forensic device access by someone with physical possession + your passcode.
• Targeted government attacks on your device (no app can fully protect against this).
• Misconfigured iCloud (e.g., sharing a note publicly and forgetting).

Bottom line: Némos is among the most private note apps in 2026. The on-device-only AI architecture means even Apple's PCC doesn't see your data. For users where privacy is non-negotiable, Némos is built for you.