Privacy Policy
Effective Date: March 20, 2024
If this Policy is translated into any language other than English, in the event of a conflict, the English language version shall govern to the fullest extent permitted by applicable laws.
Introduction
We’re Bending Spoons S.p.A. (“we” or “us”), the parent company of Evernote Corporation (“Evernote”). With this privacy policy, we explain what information we collect, use, and disclose about you when you access or use Evernote websites and applications, which we refer to collectively as the Evernote Service (defined in the Glossary), contact the customer service team, engage with us on social media, or otherwise interact with us.
We provide this privacy policy in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”), the Italian Legislative Decree 196/2003 (as amended), and other applicable local laws, as amended or replaced (collectively, “applicable privacy laws”).
Please note, if you are an Individual Account user, you are both the Account Holder and End User of an Evernote Service account. If you use Evernote Teams, the Account Holder is the Customer who has contracted with Evernote as defined in the Evernote Teams Agreement and the End Users are the individuals whose user accounts are linked to that Evernote Teams account. You can find these and other defined terms used in this policy in the Glossary.
If you are an End User of an Evernote Teams account, please note that the Account Holder of your Evernote Teams account (such as your employer or organization) may have established its own rules regarding End Users’ access, use, disclosure, or retention of data stored in that account. Also note that while an Administrator of an Evernote Teams account has access to the End User accounts linked to that Evernote Teams account, an Administrator cannot access any other accounts that are not linked to the Evernote Teams account. You can find more information on how your individual Evernote Service account works with your Evernote Teams account by visiting https://help.evernote.com/hc/articles/209005287.
Although significant changes are rare, this policy may be amended as new features, technology, or legal requirements arise, so please check back from time to time. We’ll notify you if we make a significant change and, where required, seek your consent.
Who is the data controller and data protection officer?
Bending Spoons S.p.A. is the data controller. We’re an Italian tech company based in Via Nino Bonnet 10, Milan, MI 20154. Our VAT number is 08931860962.
For any requests about how we use your personal data, you can email us at privacy@evernote.com or contact our Data Protection Officer at dpo@bendingspoons.com.
What data do we collect?
You can input, upload, or store in the Evernote Service any text, images, and other data that you choose—we refer to that information as “Content”. We also collect the following types of personal data:
- Basic subscriber information. To open your account and process payments, we collect personal data like your email address and, depending on how you purchase a subscription to a Paid Service, your billing address and other payment information. We also may link your subscriber information with data we collect from our partners and other third parties to help understand your needs and provide you with a better experience. For example, if you create or log in to an Evernote account using your Google Apps credentials via single sign-on, we will have access to certain information such as your name and email address as authorized in your Google Apps profile settings.
- Usage data. We collect and log Internet or other electronic network information on how you and others access and use Evernote, for example, the act of creating a note or sharing a note. Usage data may be collected through cookies and similar technologies. For more information, including how to opt-out, visit our Cookie Notice.
- Location information. We collect the IP address you use to connect to the Evernote Service and — if you choose to share it — your location information from a mobile device.
- Device information. We collect information about the number and type of devices you use to connect to the Evernote Service, as well as information about the operating systems on those devices (e.g., iOS, Android, Windows) and the version of Evernote. For example, when you install, modify, or use an Evernote application we may collect personal data in order for the services to function properly, such as your device’s unique hardware identifiers (IMEI, SIM number, or other identifier). When you install, modify, or use an Evernote application, you may see permission requests or alerts regarding the device capabilities the application could potentially use.
In addition, we collect the following types of personal data when you use the Evernote Service:
Type of Information | Purpose | |||
|---|---|---|---|---|
Your username, email address, and contact preferences | To create and support your Evernote Service account. | |||
Your name, image, and other personal information, if you choose to share it | To display in your user profile, which may be visible to those with whom you share Content. | |||
The geographic area from which your computing devices interact with the Evernote Service, your preferred language, and, if you select the option to share it, your mobile device location information | To localize your interaction with the Evernote Service by, for example, displaying web pages or user interfaces in your preferred language, showing you website content or pricing information appropriate to your location, and improving features like search by allowing you to filter results by location. | |||
Your device information | To show you (on your account’s Access History page) which of your devices you have authorized to access your Evernote Service account and when you last accessed the Evernote Service from each device. | |||
Your telephone number, if you choose to share it | To help prevent spam, fraud, and abuse. | |||
Your calendar information, only if you select the option to share it | To enhance your notes with calendar information. | |||
Actions you perform when using the Evernote Service (e.g., creating a note or sharing a note) | To administer the Evernote Service and to improve the features and usability of the Evernote Service. | |||
Whether your account was created or referred through a reseller or other partner who helps distribute or promote Evernote accounts | To determine the amount of revenue share payments to make to partners with whom we might have such arrangements and to provide aggregated and/or anonymized revenue share reports. These partners could include resellers or distribution partners. | |||
Your payment information, if you purchase a subscription | To process your payment. | |||
Your photos | To enable you to use photo-related features such as adding a photo to a note via camera capture or on-device photos. | |||
Your contacts | To auto-complete email addresses when you share Content. | |||
A record of the source website from which you save Content | If you use the Web Clipper browser extension or “Save to Evernote” button, to record in the note created by Web Clipper the source of the material you’ve chosen to clip (e.g., the URL) for your future reference. This source-recording functionality will not be affected by your browser’s do-not-track settings. |
Please Note: If you have installed Web Clipper, when you visit certain websites, Web Clipper may notify you of available integrations with the Evernote Service or about products, services, or features that we think will help you get more out of the Evernote Service. Web Clipper does not track or create a record of your browsing activity.
Additional information we collect in connection with Evernote Teams accounts:
Type of Information | Purpose | |||
|---|---|---|---|---|
Email address of Account Holder and End Users | To create and support the Evernote Teams account. | |||
Billing information (e.g., postal address, email address, and telephone number) | To communicate with the Billing Contact on the account and provide account support. | |||
Employment-related personal information (e.g., your business title) – if you choose to share it | To display in your Evernote Teams account user profile, if you choose. |
If you visit an Evernote website, we may also collect:
Type of Information | Purpose | |||
|---|---|---|---|---|
Your name, company, email address, phone number, and other information you choose to share | To communicate with you, including to answer press or partnership inquiries. | |||
Information from cookies and similar technologies | Please see our Cookie Notice |
Information we derive
We may derive information or associate categories with you based on the information we or our providers collect. For example, we may make a determination about your location based on your IP address.
How do we use your data?
We have specific rules for how and when we use the personal data we collect. We are committed to protecting the privacy of your personal data. We use the personal data we collect to:
- Perform and personalize the Services. We use your personal data to provide you the Evernote Service, including to process transactions with you. We use a number of technologies to help you get the most out of the Evernote Service. Our systems automatically analyze your data to power Evernote features and to continually improve the Evernote Service for you in a way that does not require anyone to look at your Content. This may include, for example:
- Making sure you find what you’re looking for when you search your account.
- Showing you information most relevant to how you are or could be using the Evernote Service at a specific time or location.
- Suggesting actions for you to take based on information you’ve stored.
- Suggesting Evernote Service features or products to you that we think will help you get the most out of the Evernote Service.
- For Evernote Teams users, recommending people for you to collaborate with.
These activities are based on the contract we have with you (Article 6.1.b GDPR). - Maintain and improve the Services. To provide troubleshooting and customer support, the Customer Support team may need to access your personal data, such as your account email address and information about the Evernote application you are using, subject to the protections described below. We may also use your personal data to improve the Evernote Service such as debugging to identify and repair errors that impair existing intended functionality, conducting research for technological development and demonstration, and analyzing information to maintain or enhance the quality or safety of the Services. We will not use your Input or Output from an AI Feature (as defined in the Supplemental Terms) to train our artificial intelligence models or tools unless you direct us to do so.
The activities performed for customer support are based on the contract we have with you (Article 6.1.b GDPR). When you give customer support permission to access your Content, these activities are based on your consent (Article 6.1.a GDPR). The activities performed for troubleshooting, debugging, and service improvement are based on our legitimate interest to ensure the quality and the proper functioning of the services and improve the products (Article 6.1.f GDPR).
- Protect against security threats, abuse, and illegal activity. As part of our efforts to protect your account and the functionality of the Evernote Service, our systems may analyze the emails you send to and from your Evernote account and the notes you share to detect spam, malware, or other potential security concerns. If we determine that such material constitutes a Terms of Service or User Guidelines violation, we may block delivery of or unshare the problematic material, much like a spam filter works for your email inbox.
These activities are based on our legitimate interest to ensure the quality and the safety of the services (Article 6.1.f GDPR).
Learn more about steps you can take to protect your account, such as using strong passwords, two-step verification, and encryption.
- Communicate with you. We use your personal data to communicate with you in order to send important Service messages such as administrative messages, technical notices, or security alerts. If we learn of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address, phone number, or other contact information that you have provided to us or by posting a notice on the Evernote website and/or via other communication platforms. Depending on where you live, you may have a right to receive such notices in writing.
This activity is based on the contract we have with you (Article 6.1.b GDPR).
- Comply with laws. We also use information to satisfy applicable laws or regulations, and disclose information in response to legal process or enforceable government requests, including to law enforcement. For more information, please visit the section “How do we respond to legal requests for my information?” of this Privacy Policy.
When this activity is required by a specific legal obligation, your personal data may be used to the extent required to comply with the legal obligation itself (Article 6.1.c GDPR). When the applicable law leaves some discretion in assessing the appropriate way to comply with it, your personal data is used based on our legitimate interest to prove our compliance (Article 6.1.f GDPR).
- Market, promote, and maximize your engagement with the Services. In accordance with your communication preferences, we may use your personal data to send you promotional communications that may be of specific interest to you, such as information about new products and features, tips for using the Evernote Service, special offers, and information about how Evernote works with products and services from our business partners. These communications are aimed at maximizing what you get out of the Evernote Service. You may unsubscribe from promotional communications at any time by following the instructions provided in emails. You may also log in to your account settings and go to Personal Settings to change your contact preferences. You can change your in-app notification preferences through your device settings. You will continue to receive essential Evernote Service-related and account-related information (such as notification that your paid subscription is about to expire), even if you unsubscribe from promotional emails or turn off in-app notifications. Evernote Teams users will also continue to receive a daily summary of activity associated with their Teams account. In addition, we may display ads about our Services, including on other companies’ websites and applications, which may be informed by audits of interactions (like counting ad impressions).
These activities are based on your consent (Article 6.1.a GDPR). However, when we use your email to send you information about products and services related to or similar to the Evernote service (“soft opt-in”), the legal basis is our legitimate interest (Article 6.1.f GDPR).
- Protect our interests and rights. We use information where required by law or where we believe it is necessary to establish, exercise, or defend our rights and those of our employees, or to carry out corporate transactions or operations. For example, in the event of a merger, sale, or reorganization of all or part of our business, personal data covered by this policy may be transferred in connection with that deal.
This activity is based on our legitimate interest to establish, exercise, or defend our rights, and to carry out corporate transactions or operations (Article 6.1.f GDPR).
Would someone at Evernote ever view your Content?
You have control over who sees your Content. We limit the use of your Content to make sure that no one at Evernote can view it unless you expressly give us permission or it’s necessary to comply with our legal obligations. Specifically:
- To help refine or improve the technology, we may ask you for permission to review portions of your Content. For example, if a new feature suggests related notes that are relevant to your Content, we may give you an opportunity to provide us feedback on how well the feature is performing along with a sample of the Content in question, so we can make sure this feature provides appropriately tailored suggestions. Such access to your Content is done only with your express permission and is subject to strict confidentiality rules and data access controls. Choosing to give us such permission is completely voluntary.
- If you contact our Customer Support team for help with specific pieces of Content in your account (for example, if you can’t find a note you believe should be in your account), we may ask for your temporary permission to look at your Content. This permission terminates when the issue is resolved. If you send Evernote a help request and choose to attach application activity logs, please note that such logs may contain Content (for example, the title of a note or notebook). You may edit Content out of your activity logs before you send them to us.
- If we become aware of a potential violation of the Terms of Service or User Guidelines, we may suspend or close your account until the problematic material is removed. Under such a circumstance, we would only look at the Content in your account if you give us consent or if necessary to comply with our legal obligations, including to protect the safety of you or any other person.
This policy is not intended to apply to our use of aggregated, de-identified, or anonymized data.
How do we disclose your data?
We are not in the business of selling or renting your personal data. Here are instances when we may disclose your personal data — and then only the minimum information necessary:
- We disclose your personal data with our service providers who process data on our behalf, such as credit card processors and customer management systems. We require these providers to agree to strict data protection requirements in keeping with our privacy policy standards and our obligations under “applicable privacy laws. We do not share your personal data with any third parties for their own advertising purposes. For example, our service providers help us:
- Operate, develop, and improve the features and functionality of the Evernote Service.
- Complete your payment transactions.
- Fulfill your sales and support requests.
- Communicate with you as described elsewhere in this Privacy Policy. - If you purchase a Paid Service from a reseller, we may need to disclose limited personal data with the reseller to ensure accuracy in payment, account management, and delivery of services to you.
- Your Content is private unless you decide you want to share it. You may choose to share using public links or through any of the Evernote Service’s features that allow you to share or collaborate on Content (“Collaboration Features”). We may need to take steps to facilitate your collaboration. There are features in the Evernote Service that allow you to publish and share some of your notes and notebooks publicly, but these are optional. Any information that you post in these locations, or in the user forum, can be read, collected, and used by anyone and could enable others to send you unsolicited messages. You determine whether to post personal or otherwise sensitive information to publicly accessible areas of the Evernote site, so you should carefully consider how you use the Service. We are not responsible for any publication or use of any information you choose to post in these locations.
- When you use Collaboration Features, people you share with may see your user profile. If you have not added any profile information, then you will be identified by the email address associated with your Evernote Service account. If you are an Evernote Teams user, other members of your Evernote Teams account will see your full Evernote Teams account profile. Evernote Service users who are not in your Evernote Teams account will only see your profile name and image.
- In addition, when you use Collaboration Features, the information you share is no longer private to you. For example, by publishing or sharing any portion of your Content, you may be enabling each recipient of the shared material to access, use, display, perform, distribute, and modify that material.
- Depending on the permission levels you set when sharing Content, anyone who has access to the shared material may be able to see the Content, information about where and when the Content was created, as well as the history, tags, and reminders associated with the Content.
- You can use a variety of third-party services and applications that interact with the Evernote Service, and you should review the access rights you provide to those services or applications, as you may enable them to access or extract your Content through your agreements with those parties. - In the event of a merger, sale, or reorganization of all or part of our business, personal data covered by this policy may be transferred in connection with that deal.
- We may disclose personal data covered by this policy with our parents, subsidiaries, and affiliated companies.
- We also may disclose personal data about you to third parties whenever you consent to or direct such sharing. This includes, for example, if you connect your Evernote account with a third-party app in the App Center. We work with a number of third-party applications and services. In some cases, we will partner with another company to provide an integration. If you connect your Evernote account to these third-party services, you may be giving the partner access to some or all of your data, including, in some cases, your Content. Providing such access is entirely voluntary, and you’ll receive notice and must agree to such access before it is granted. Please consider your selection of such applications and services, and your permissions, carefully. We encourage you to review each party’s contract terms and privacy policy.
How do we respond to legal requests for your data?
We vigilantly protect the privacy of your account. We will not disclose your personal data to law enforcement or other governmental authorities unless we believe it is required to comply with warrants, court orders, subpoenas, or other lawful government requests. This may include responding to legal requests from jurisdictions outside of Italy where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards of due process.
We narrowly interpret all information requests, and we only disclose Content in your account that is specifically responsive to a government warrant or where you have provided your explicit consent. In accordance with our Information for Law Enforcement Authorities page, we will notify you if we believe we are compelled to comply with a third party’s legal demand for your information, and we routinely push back on government orders to delay user notice that we view as overly broad.
In addition, in rare cases, we may share your personal data as necessary to investigate or take action regarding illegal activities, suspected fraud, or potential threats against persons, property or the systems on which we operate the Evernote Service, or as otherwise necessary to comply with our legal obligations.
How can you manage the data we store?
In most cases, you can manage your information simply by logging into your account and editing your information directly within the Evernote Service. You can access your notes and notebooks from your Evernote account and export them at any time, as explained here.
If you prefer, you can contact us at privacy@evernote.com to ask us to provide access to, correct, update, or delete your personal data. Residents of certain regions may have additional or different rights in your personal data. Please see our Region-Specific section for more information.
How long do we store your data?
We make the Content you store within the Evernote Service readily accessible to you, until you make the decision to delete it. If you delete your Content and then sync, it will no longer be accessible to you or others who may access the Evernote Service. The Evernote Service’s back-up systems may retain residual copies of your deleted Content for up to one year due to the nature of those systems’ operations.
The Evernote Service provides you with features that allow you to communicate and collaborate with other users. Deleting your copy of these communications (such as messages) won't delete copies existing in the accounts of people with whom you were interacting.
For users who are inactive for extended periods of time, we may close your account to satisfy our obligations under applicable law, and in accordance with our data retention policy. If that happens, we will try to notify you before taking any action.
Our retention of your personal data is based upon several factors, including the length of time necessary to fulfill the purposes outlined in this Privacy Policy, to make the Evernote Service available to you, to demonstrate that we have fulfilled our business and legal duties and obligations and contractual commitments, or as instructed by you, unless a longer period is required or permitted by law. For example, we retain personal data processed for customer support purposes or to provide the Evernote Service for a maximum of three (3) years from your most recent interaction with the Evernote Service, or from the expiration of your subscription, and we retain personal data processed for compliance with legal obligations for a maximum of five (5) years from your most recent interaction with the Evernote Service, or from the expiration of your subscription. If you access the Evernote Service after your subscription has expired, the retention period starts from this most recent interaction. Specific legal obligations might require different retention periods and, in such cases, those different periods will apply. Upon the expiry of the data retention period, the data is either deleted or anonymized.
What happens if you want to stop using the Evernote Service?
As described above, you can delete your Content at any time, and you can stop using the Evernote Service at any time. You may also export your notes at any time, as explained here.
What happens if we close your account?
If we deactivate your account due to a violation of our Terms of Service, then you may contact us to request deletion of your Content, and we will evaluate such requests on a case-by-case basis, pursuant to our legal obligations.
Where do we store your data?
When you use Evernote Software on your computing device, such as by using one of our downloadable applications, some of your data will be stored locally on that device.
When you sync your computing device with the Evernote Service, that data will be replicated on servers maintained in the United States. This means that if you store information in or submit data to the Evernote website or Evernote Software and sync such Evernote Software with the Evernote Service, you acknowledge your personal data will be transmitted to, hosted, and accessed in the United States.
Data privacy laws or regulations in your home country may differ from, or be more protective than, those in the United States. We will collect, store, and use your personal data in accordance with this Privacy Policy and applicable privacy laws, wherever it is processed.
Other information
Are children allowed to use the Evernote Service?
The Evernote Service is designed for adults; we do not intend to collect personal data from children under the age of 16. If we learn we have collected personal data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@evernote.com.
How do we respond to Do Not Track signals?
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not currently respond to or otherwise take action in response to web browser "do not track" signals. For information about Do Not Track, visit www.allaboutdnt.org.
How can you contact us?
We welcome your feedback regarding this Privacy Policy. If you have questions, comments, or concerns about this Policy, please contact us by email at privacy@evernote.com.