2017 Transparency Report
Evernote has always been open about how we protect our users’ data. Our commitment to openness and transparency includes helping our users understand how we respond to third-party requests for account information.
This Transparency Report details—to the extent that we are legally permitted to do so—the number and type of requests for user information that we received in 2017. For criminal and civil requests, we have also provided the number of requests to which we responded by disclosing user data. Such transparency is not permitted for national security requests, but we are able to provide, in bands, the number of customer selectors targeted in the national security process we receive.
CRIMINAL AND CIVIL
Criminal requests from US governmental agencies1
Criminal requests from foreign government agencies
Other third-party legal requests for user information
NUMBER OF NSL AND FISA
NUMBER OF CUSTOMER
US government national security requests2
As outlined in our Information for Authorities page, we require requests for user information to meet minimum criteria in order to be considered.
In addition, we have a policy of notifying a user when we receive a legal request for information related to their Evernote account, except in very limited circumstances, as explained on our Information for Authorities page.
Evernote is a member of Reform Government Surveillance and the Digital Due Process Coalition. We support efforts to reform practices and laws regulating government surveillance of individuals and access to their information.
1This includes federal agencies like the Federal Bureau of Investigation, as well as state or local law enforcement agencies.
2Currently, the US government does not permit us to disclose the exact number of national security requests received, nor are we permitted to distinguish the number of National Security Letters ("NSLs") received from other types of national security information requests (such as search warrants pursuant to the Foreign Intelligence Surveillance Act ("FISA process")), unless we do so in bands of 1000. We think this restriction decreases transparency and especially harms companies like us that receive no or very few national security requests. If we want to report in smaller bands, we are required to group all types of national security requests together in a range from 0 to 250 as we have done above. We strongly support greater transparency regarding national security requests.
In the event of a conflict, the English language version shall govern.