Privacy at Knovya, in plain English.

Your data lives in the European Union — Hetzner's Falkenstein, Germany data centre — and the most sensitive notes can be sealed with optional AES-256-GCM end-to-end encryption that Knovya servers cannot read. We are GDPR + KVKK compliant by design, and the entire crypto layer is open-source for any researcher to audit without an NDA.

Last updated · Data controller Armeva · [email protected]

Four principles, no fine print

What we protect, what we never touch.

The short version of the policy below — the long version preserves every legal fact (Hetzner Falkenstein, GDPR Article 33, KVKK, AES-256-GCM, 90-day retention, the open-source crypto repo). No ads, no third-party analytics, no selling your data to anyone for any reason.

  1. Your content is yours

     Notes, attachments, conversations — they belong to you. Knovya does not sell, rent, or share them with anyone. Export and delete are one-click features in your settings, not support tickets.

  2. Limited AI, no training

     OpenAI handles search embeddings, Anthropic handles folder summaries. Only truncated excerpts cross the wire — never full notes. API terms with both providers prohibit using your data to train models.

  3. EU residency, by design

     Your data lives in Hetzner Falkenstein, Germany. Backups are encrypted at rest with separate keys. We're GDPR + KVKK compliant; cross-border transfers ride on Standard Contractual Clauses.

  4. No ads, no tracking

     We do not serve advertisements and do not load third-party analytics or fingerprinting scripts. We collect the minimum we need to run the service — account email, the content you create, technical signals for security.

What we hold on your behalf

The shortest possible list of data we collect.

Six categories total. Anything not on this list, Knovya does not collect.

  1. Account information

     Your email address, name, and a password stored as a salted, one-way hash — plaintext passwords never touch our database. If you enable two-factor authentication, we also keep your TOTP secret and a set of one-time backup codes.

  2. Profile (optional)

     You may add a profile picture, a username, and a short bio. These appear only to people you share content with — never to the public web unless you publish a note explicitly.

  3. Content you create

     Notes (text and structured block content), file attachments, comments, folders, tags, and any other knowledge you produce in Knovya. This is the core of what the service stores on your behalf.

  4. Technical signals (security only)

     Your IP address (used for login rate limiting, abuse prevention, and session records) and your user agent + device type (so you can see and revoke sessions device-by-device). We do not fingerprint your browser, and we do not load third-party analytics or tracking.

  5. Waitlist (pre-signup)

     If you join the waitlist before creating an account, we keep your email, plus the IP and user agent at the time of signup, strictly for spam prevention.

  6. OAuth provider data

     If you sign in with Google, GitHub, Apple, or Microsoft, we receive your name, email, and a provider-specific identifier. We do not access your contacts, your files, or any other resource from those providers.

A short list of things we will not see

What Knovya never reads.

Privacy is easier to keep when you write it down. These are the artefacts that, by architectural decision, sit outside our reach — even from a Knovya engineer with full database access.

  • End-to-end encrypted notes (Pro / Team). Per-note AES-256-GCM with PBKDF2 key derivation and a 30-minute auto-lock. The plaintext exists only in your browser — encrypted notes are not searchable or embeddable on the server.
  • Encrypted file attachments. Files attached to E2EE notes are sealed under the same per-note key. Knovya storage holds the ciphertext; the decryption key never leaves your devices.
  • SSO and OAuth tokens, beyond exchange. We hold the minimum proof-of-identity returned by Google / GitHub / Apple / Microsoft. We never use those tokens to read your email, calendar, contacts, or files at the provider.
  • Browser fingerprints or cross-site identifiers. No fingerprinting library, no third-party analytics, no advertising cookies. We do not buy or sell visitor data, and Knovya cannot be paid to surface a particular note over another.
  • Your full notes, when an AI feature runs. OpenAI receives at most a truncated 6,000-character excerpt for search embeddings; Anthropic receives only titles and ~500-character previews for folder summaries. Both providers are contractually prohibited from training on your data.

How the data flows

Purposes, providers, and the cookies on your machine.

Six purposes (each tied to a GDPR Article 6 legal basis), two AI sub-processors, nine third-party services, five storage items. Everything that touches your data, in one place.

A. Six purposes, six legal bases

  • Providing the service: Storing notes, syncing across devices, search, sharing, collaboration. Legal basis: Performance of contract — Art. 6(1)(b)
  • AI-powered features: Semantic embeddings, folder summaries, contextual intelligence. Legal basis: Legitimate interest — Art. 6(1)(f)
  • Account security: Login rate limiting, session management, password breach detection, two-factor authentication, anomaly detection on suspicious sign-ins. Legal basis: Legitimate interest — Art. 6(1)(f)
  • Transactional email: Password resets, security alerts, account notifications, opt-in digest. Legal basis: Performance of contract / Consent — Art. 6(1)(b) / 6(1)(a)
  • Push notifications: Browser alerts for events you've subscribed to. Legal basis: Consent — Art. 6(1)(a)
  • Webhooks & API access: Delivering events to URLs and powering API clients you've configured. Legal basis: Performance of contract — Art. 6(1)(b)

B. AI processing, in detail

Knovya uses two AI providers. Both work under API terms that prohibit training on customer data, and both receive only the minimum text required for the feature to work.

  • OpenAI · Semantic search embeddings

    What we send: truncated note text up to ~6,000 characters (title, tags, content excerpt). The resulting vector embedding is stored in Knovya; OpenAI does not retain the original text.

  • Anthropic · Folder summaries & contextual intelligence

    What we send: note titles plus short content previews (~500 characters per note). Full note bodies are never sent.

Knovya does not make automated decisions producing legal or similarly significant effects on you (GDPR Art. 22).

C. Third-party processors

We do not sell, rent, or share your personal data with any third party for advertising or marketing. The processors below operate Knovya's core functionality — each one is bound by data processing terms.

  • OpenAI · US · Semantic embeddings · Truncated note text (≤6,000 chars)
  • Anthropic · US · Folder summaries · Note titles + short previews
  • Have I Been Pwned · US · Password breach detection · First 5 chars of SHA-1 hash (k-anonymity — your password is never sent)
  • Resend / SendGrid · US · Transactional email delivery · Email address, notification body
  • S3-compatible storage · File attachment storage · Uploaded file bytes (encrypted at rest)
  • Google FCM / Mozilla / Apple · Browser push notifications · Notification title, body, URL
  • Google Fonts · Font delivery (CDN) · IP address (standard CDN request)
  • jsDelivr CDN · Client libraries (KaTeX, Mermaid) · IP address (standard CDN request)
  • OAuth providers · Social login (Google / GitHub / Apple / Microsoft) · OAuth tokens, basic profile (name, email)

D. Cookies & browser storage

Knovya uses minimal browser storage — strictly for functionality, never for tracking or advertising. No third-party cookies. You can clear browser storage at any time through your browser settings; doing so will sign you out.

Residency & lifetime

Where your knowledge lives, and how long.

EU residency is not a feature flag at Knovya — it's the architecture. The data lives in Germany, the backups are sealed, the cross-border transfers ride on Standard Contractual Clauses, and every artefact has a published retention period.

A. Data residency — Hetzner Falkenstein, Germany

Knovya's primary database (PostgreSQL with pgvector), Redis cache, and file storage all live on a tuned Hetzner host in Falkenstein, Germany. The host is inside the European Economic Area, so day-to-day reads and writes never leave the EU. Backups are encrypted at rest with keys that are stored separately from the data they protect.

Some sub-processors (OpenAI, Anthropic, transactional email providers) are based in the United States. When a feature requires a transfer outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. CDN requests (Google Fonts, jsDelivr) only expose your IP address — the same exposure as visiting any website.

B. Retention — eight buckets, eight clocks

We keep data only as long as needed for the purpose. When you delete your account, we permanently delete all associated data; soft-deleted notes survive only the 30-day grace window before they are wiped.

  • Account data (email, name, profile): Until you delete your account
  • Notes & structured content: Until you delete them — soft-deleted notes are wiped after 30 days
  • File attachments: Deleted with their parent note
  • Read notifications: Auto-deleted after 90 days
  • Unread notifications: Auto-archived after 180 days
  • Session records: 7 days
  • Temporary caches (embeddings, summaries): TTL — minutes to hours
  • Waitlist entries: Until service launch or upon deletion request

Account deletion is irreversible. We do not maintain a "shadow copy" of deleted accounts, and we do not silently retain data outside this list.

How we keep it safe

Security, by defense in depth.

Encryption in transit, optional encryption at rest, hardened login, and a security contact that answers within 12 hours — including weekends. The crypto layer is open-source for any researcher to audit without an NDA.

  • L1 · Encryption in transit (everyone)

    All connections use TLS. HTTP traffic is redirected to HTTPS at the edge — no plaintext exposure between your device and Knovya, ever.

  • L2 · End-to-end encryption (Pro / Team)

    Per-note AES-256-GCM with PBKDF2 key derivation and a 30-minute auto-lock. Encrypted notes are not searchable or embeddable on the server — the plaintext exists only in your browser.

  • L3 · Password security

    Passwords are hashed with a secure one-way algorithm. New passwords are checked against the Have I Been Pwned breach database via k-anonymity — only the first 5 characters of the SHA-1 hash leave our server, never the password itself.

  • L4 · Account hardening

    Optional TOTP-based 2FA with backup recovery codes, device fingerprinting for session tracking, and anomaly detection that flags sign-ins from unfamiliar devices or geographies.

  • L5 · Session & rate-limit discipline

    Sessions are tracked per device with automatic expiration; you can view and revoke them in settings. Login attempts and sensitive operations are rate-limited to prevent brute-force attacks.

  • L6 · Database isolation

    Database connections are pooled and isolated per transaction via PgBouncer in transaction mode — a query from one user cannot accidentally read state from another's transaction.

Audit it yourself, no NDA

The crypto layer is open-source.

Knovya's end-to-end encryption is implemented in a dedicated repository under a permissive licence — independent reviewers can verify the AES-GCM construction, PBKDF2 iteration count, and IV-uniqueness logic without signing anything.

Read knovya-crypto on GitHub

Vulnerability disclosure

Talk to us at [email protected].

  • Response SLA: 12 hours, weekends included
  • Disclosure window: 90-day coordinated disclosure, CVE assignment
  • Breach notification: Modeled on GDPR Article 33 — 72-hour notification window

If you discover a security vulnerability, please email [email protected]. Engineering reads that inbox personally.

If you want to act on your data

Your rights — and how to use them.

Under GDPR and applicable data-protection laws (including KVKK), you have seven concrete rights over your data. Each is exercisable by emailing [email protected] — we respond within 30 days.

  1. Access: Request a copy of the personal data we hold about you.
  2. Rectification: Ask us to correct inaccurate or incomplete data.
  3. Erasure: Request deletion of your personal data. You can also delete your account directly from your Knovya settings.
  4. Portability: Receive your data in a structured, machine-readable format — Knovya provides built-in export tools for your notes and content.
  5. Restriction: Ask us to restrict processing in certain circumstances.
  6. Objection: Object to processing based on legitimate interest. We will cease unless we have compelling legitimate grounds.
  7. Withdraw consent: Where processing is based on consent (push notifications, digest emails), you can withdraw at any time through your notification preferences.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority — for KVKK in Türkiye, the Kişisel Verileri Koruma Kurumu (KVKK); for GDPR across the EEA, your member-state supervisory authority.

Children's privacy

Knovya is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email [email protected] and we will promptly delete it.

Changes to this policy

We may update this Privacy Policy from time to time for legal, operational, or regulatory reasons. Material changes are notified by email or via an in-app notice before the changes take effect. The "Last updated" date in the hero is always the current revision date.

Privacy is a technical decision before it is a legal one.

Knovya is built on the assumption that the most sensitive notes should never be readable by us, by our AI providers, or by anyone who might one day pressure us to read them. That's why the crypto layer is open-source — so the assumption is verifiable, not just stated.

EU residency · GDPR + KVKK compliant · open-source crypto · 12-hour security SLA