Effective Date: January 1, 2020 – What’s New >>
In the event of a conflict, the English language version shall govern.
Please note, if you use Evernote Basic, Plus, or Premium, you are both the Account Holder and End User of an Evernote Service account. If you use Evernote Business, the Account Holder is the Customer who has contracted with Evernote as defined in our Evernote Business Agreement and the End Users are the individuals whose user accounts are linked to that Evernote Business account. You can find these and other defined terms used in this policy in our Glossary at the end of this page.
If you are an End User of an Evernote Business account, please note that the Account Holder of your Evernote Business account (such as your employer or organization) may have established its own rules regarding End Users’ access, use, disclosure, or retention of data stored in that account. Also note that while an Administrator of an Evernote Business account has access to the End User accounts linked to that Evernote Business account, an Administrator cannot access any other accounts that are not linked to the Evernote Business account. You can find more information on how your personal Evernote Service account works with your Evernote Business account by visiting https://help.evernote.com/hc/en-us/articles/209005287.
Although significant changes are rare, this policy may be amended as new features, technology, or legal requirements arise, so please check back from time to time. We’ll notify you if we make a significant change and, where required, seek your consent.
We built Evernote to help you remember and organize your ideas, thoughts, and memories. That means you can input, upload, or store in Evernote any text, images, and other data that you choose—we refer to that information as“Content”. We also collect and receive the following types of information:
We also may link your subscriber information with data we receive from our partners and other third parties to help understand your needs and provide you with a better experience. For example, if you create or log into an Evernote account using your Google Apps credentials via single sign-on, we will have access to certain information such as your name and email address as authorized in your Google Apps profile settings.
We’ve listed the types of information we collect and receive more specifically in the chart below. Generally, we collect this information to support your account and to help us understand how you use the Service so we can make it better. We have noted which types of information are not collected unless you choose to provide it.
If you register for or maintain an Evernote service account:
|We collect||Why we collect it|
|Your username, email address, and contact preferences||
|Your name, image, and other personal information, if you choose to share it||
|The geographic area from which your computing devices interact with the Service, your preferred language, and, if you select the option to share it, your mobile device location information||
|Your device information||
|Your telephone number, if you choose to share it||
|Your calendar information, only if you select the option to share it||
|Actions you perform when using the Service (e.g., creating a note or sharing a note)||
|Whether your account was created or referred through a reseller or other partner who helps distribute or promote Evernote accounts||
|Your payment information, if you purchase a subscription||To process your payment.|
In addition to the information above, there are certain cases where we receive or collect supplemental information, as outlined below.
Additional information we collect in connection with Evernote Business accounts:
|We collect||Why we collect it|
|Organization name and email address of Account Holder and End Users||
|Billing information (e.g., postal address, email address, and telephone number)||
|Employment-related personal information (e.g., your business title) – if you elect to share it||
If you use our Web Clipper browser extension or "Save to Evernote" button:
|We collect||Why we collect it|
|A record of the source website from which you save Content||
If you have installed the Web Clipper, when you visit certain websites the Web Clipper may notify you of available integrations with the Service or about products, services or features that we think will help you get more out of the Service. The Web Clipper does not track or create a record of your browsing activity.
If you visit an Evernote website:
|We collect||Why we collect it|
Your email address (if you provide it)
Information Evernote Derives
We may derive information or associate categories with you based on the information we or our partners collect. For example, we may make a determination about your location based on your IP address.
We have specific rules for how and when we use the information we collect and receive. We describe these below.
We are committed to protecting the privacy of your information. Below, we describe the ways in which we use the information we collect and receive to provide, maintain, and improve the Service; to provide troubleshooting and customer support; to protect the Service for all our users; to contact you; and to administer Evernote Business accounts.
You may opt out of promotional communications at any time by following the opt-out or “unsubscribe” instructions provided in emails or by logging into your Evernote service account via our web site at www.evernote.com and going to Settings > Personal Settings > Contact Preferences to change your contact preferences. You can also change your in-app notification preferences through your device settings. You will continue to receive essential Service-related and account-related information (such as notification that your paid subscription is about to expire), even if you unsubscribe from promotional emails or turn off in-app notifications. Evernote Business users will also continue to receive a daily summary of activity associated with their Business account.
Similarly, if we learn of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address, phone number or other contact information that you have provided to us or by posting a notice on our web site and/or via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
Would someone at Evernote ever view my Content?
You have control over who sees your Content. We limit the use of your Content to make sure that no one at Evernote can view it unless you expressly give us permission or it’s necessary to comply with our legal obligations. Specifically:
If you send Evernote an error report and choose to attach application activity logs, please note that such logs may contain Content (for example, the title of a note or notebook). You may edit Content out of your activity logs before you send them to us.
To test and improve our product offerings for our users, we use aggregated data that does not contain any personal information, does not identify any person, and cannot be connected to any specific user. This policy is not intended to apply to such anonymized/de-identified data.
Evernote is not in the business of selling or renting your information. Here are instances when we may disclose your information — and then only the minimum information necessary:
We do not share your information with any third parties for their own advertising purposes.
Examples of our service providers include PayPal and Adyen for processing payments from our paid users, Salesforce for helping us with our email communications and Evernote Business sales outreach, and analytics providers like Google Analytics. Other service providers include resellers that we work with to help distribute Evernote. If you purchase a Paid Service from a reseller instead of directly from Evernote, we may need to share limited information with the reseller to ensure accuracy in payment, account management, and delivery of services to you.
There are features in Evernote that allow you to publish and share some of your notes and notebooks publicly, but these are optional. Any information that you post in these locations, or in our user forum, can be read, collected, and used by anyone and could enable others to send you unsolicited messages. Evernote enables you to determine whether to post personal or otherwise sensitive information to publicly accessible areas of our site, so you should carefully consider how you use the Service. Evernote is not responsible for any publication or use of any information you choose to post in these locations.
When you use Collaboration Features, people you share with may see your user profile.
In addition, when you use Collaboration Features, the information you share is no longer private to you. For example, by publishing or sharing any portion of your Content, you may be enabling each recipient of the shared material to access, use, display, perform, distribute, and modify that material. In addition, Evernote enables you to use a variety of third-party services and applications that interact with the Service, and you should review the access rights you provide to those services or applications, as you may enable them to access or extract your Content through your agreements with those parties. More information on the nature of these permissions may be found on our Third Party App Permissions page.
Depending on the permission levels you set when sharing Content, anyone who has access to the shared material may be able to see the Content, information about where and when the Content was created, as well as the note history, tags, and reminders associated with a particular note.
Evernote works with a number of third-party applications and services. In some cases, Evernote will partner with another company to provide an integration. In addition, in our App Center, you can find a number of third-party applications and services that work with Evernote. If you connect your Evernote account to these third-party services, you may be giving the partner access to some or all of your data, including, in some cases, your Content.
Providing such access is entirely voluntary, and you’ll receive notice and must consent before such access is granted. You’ll always be able to check which applications or services are authorized to access your account by visiting the applications page in your account. You’ll also be able to turn off access from connected applications and services whenever you want.
We vigilantly protect the privacy of your account. We will not disclose your information to law enforcement or other governmental authorities unless we believe it is required to comply with warrants, court orders, subpoenas, or other lawful government requests. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards of due process.
We narrowly interpret all information requests, and we only disclose Content in your account that is specifically responsive to a government warrant or where you have provided your explicit consent. In accordance with our user notice policy, we will notify you if we believe we are compelled to comply with a third party’s legal demand for your information, and we routinely push back on government orders to delay user notice that we view as overly broad. You can find more information in our current Transparency Report.
In addition, in rare cases, we may share your information as necessary to investigate or take action regarding illegal activities, suspected fraud, or potential threats against persons, property or the systems on which we operate the Service, or as otherwise necessary to comply with our legal obligations.
Consistent with our first law of data protection—your data is yours—in most cases, you can manage your information simply by logging into your account and editing your information directly within the Evernote Service.
A Note for our European End Users about our Data Processing Grounds and your Data Access Rights
We process personal data originating from the European Economic Area (“EEA”), the United Kingdom, and Switzerland on one of three grounds, depending on the circumstances: (i) your affirmative consent, in which case you will have the right to withdraw consent at any time; (ii) contractual necessity; or (iii) our legitimate interest in providing the Service.
Below is an explanation of the the data access rights Evernote makes available to EEA, UK and Swiss individuals.
|YOUR RIGHTS||WHAT DOES IT MEAN FOR YOU?|
|Right to access||
|Right of rectification||
|Right to data portability||
Right to object
How long does Evernote store my information?
Evernote's mission is to help you remember everything important in your life. In order to do that, we make the Content you store in Evernote readily accessible to you, until you make the decision to delete it.
If you delete your Content and then sync, it will no longer be accessible to you or others who may access the Service. The Evernote service’s back-up systems may retain residual copies of your deleted Content for up to one year due to the nature of those systems’ operations.
Evernote provides you with features that allow you to communicate and collaborate with other users. Please note that deleting your copy of these communications (such as messages) won't delete copies existing in the accounts of people you were interacting with.
For users who are inactive for extended periods of time, we may close your account to satisfy our obligations under applicable law, and in accordance with our data retention policy. If that happens, we will try to notify you before taking any action.
What happens if I want to stop using Evernote?
As described above, you can delete your Content at any time, and you can stop using the Evernote service at any time. And as we promise in our third law of data protection, your data is portable. You can export your notes at any time, as explained here.
What happens if Evernote closes my account?
If Evernote deactivates your account due to a TOS violation, then you may contact us to request deletion of your Content, and we will evaluate such requests on a case by case basis, pursuant to our legal obligations.
Where does Evernote store my information?
When you use Evernote Software on your computing device, such as by using one of our downloadable applications, some of your data will be stored locally on that device.
When you sync your computing device with the Service, that data will be replicated on servers maintained in the United States. This means that if you store information in or submit data to the Evernote website or Evernote Software and sync such Evernote Software with the Evernote service, you acknowledge your personal information will be transmitted to, hosted, and accessed in the United States.
Which Evernote company is my data controller?
If you live in Brazil, your data controller is Evernote do Brasil Serviços de Aplicaçōes Ltda. (“Evernote Brasil”). If you live in the United States and Canada, your data controller is Evernote Corporation (headquartered in California). If you live anywhere else, your data controller is Switzerland-based Evernote GmbH.
Evernote uses two data transfer mechanisms: the Standard Contractual Clauses and the Privacy Shield Frameworks.
Standard Contractual Clauses
Evernote utilizes the Standard Contractual Clauses, which are contract terms developed and approved by the European Commission as ensuring adequate protection for data subjects when transferring personal data from the EEA, the United Kingdom (“UK”), or Switzerland to the United States and other countries. The Standard Contractual Clauses are generally referenced within a Data Processing Agreement entered between Evernote and the applicable parties.
Privacy Shield Frameworks
In addition, Evernote Corporation has certified its compliance with the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from EEA member countries, the UK, and Switzerland
As used in this notice, "personal data" means information that (i) is transferred from the EEA, the UK, or Switzerland to the United States, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable individual, and (iv) can be linked to that individual. This notice outlines our general policy and practices for implementing the Privacy Shield Principles for personal data.
The Evernote Corporation has certified that in respect of all personal data it receives from the EEA, the UK, and Switzerland in reliance on the Privacy Shield, it will adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access, and Recourse, Enforcement and Liability. To access the Privacy Shield List and to find details of our certification, please visit: https://www.privacyshield.gov/list.
If we ever need to use your personal data for a purpose that is materially different to the purposes we collected it for or that you later authorize, we will notify you and provide you with the opportunity to opt-out.
Under the Privacy Shield, Evernote Corporation will remain liable if its third-party service providers process your personal data in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Residents of the EEA, the UK, or Switzerland who believe that their personal data has not been processed in compliance with the Privacy Shield Principles may raise their complaint in the following ways:
You may have the right to access personal data that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield. Please contact us, as provided above, to make such a request and we will consider it in accordance with the Privacy Shield's Principles.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
Please note that we may disclose personal data to respond to subpoenas, court orders, legal process, or government requests (including in response to public authorities to meet national security or law enforcement requirements).
Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act or (“CCPA”) (California Civil Code Section 1798.100 et seq.). If you are a California resident, these terms and conditions apply to you.
California Consumer Privacy Act
We provide the following additional disclosures related to the collection, use, and disclosure of personal information under the CCPA:
Your Consumer Rights
California consumers have the right to request access to the specific pieces of personal information we have collected about them in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the categories of sources of such collection, the business or commercial purpose for collecting personal information, the categories of third parties with whom we share your personal information, and the categories of personal information we have disclosed about you in the preceding 12 months. If you are a California consumer, you also have the right to (i) request deletion of your personal information (subject to certain exceptions), (ii) opt out of sales of personal information, and (iii) receive equal service and price and not be discriminated against even if you exercise any of your other CCPA rights.
California consumers may make requests by following these instructions:
Note that in order to fulfill your request, we may need you to provide certain information to verify your identity. You can also designate an authorized agent to exercise these rights on your behalf. We will not discriminate against you if you choose to exercise your rights under the CCPA.
Does Evernote allow children to use its Services?
Our Services are designed for adults, not children under the age of 16. As such, we do not intend to collect personal information from children under the age of 16, and our Services are not designed to manage such information. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
How does Evernote respond to Do Not Track signals?
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, Evernote does not currently respond to or otherwise take action in response to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third party websites or online services. For information about Do Not Track, visit www.allaboutdnt.org.
How can I contact Evernote?
305 Walnut Street
Redwood City, California 94063 USA
Attention: Privacy Team
c/o Centralis Switzerland GmbH
Dufourstrasse 101, 8008 Zurich, Switzerland
Attention: Privacy Team
EVERNOTE DO BRASIL SERVIÇOS DE APLICAÇÕES LTDA.
Avenida Paulista, no 2.300
Edifício São Luís Gonzaga
CEP: 01310-300 São Paulo/SP
Attention: Privacy Team