Naute staging
Join waitlist

privacy

Privacy policy

Last updated April 2026

The short version. Naute is local-first. Your notes, documents, and attachments live on your device by default. We collect only what we need to run the service — and we never train AI models on your content.

This policy explains what data Naute (the "Service") collects, how we use it, and what rights you have over it. It applies to the Naute desktop app, web client, command-line tool, Model Context Protocol server, and marketing website at naute.ai.

1. Information we collect

Information you provide

  • Account information — your email address and, when you create an account, a password hash. If you sign in with a third party (e.g. Google), we receive the basic profile fields that provider shares with us.
  • Waitlist signups — if you submit your email to the waitlist, we store it (via our email provider, Loops) until you tell us to delete it or the service is launched.
  • Payment information — processed by our payment provider. We store only metadata (last four digits, plan, billing country), never card numbers.
  • Support correspondence — any emails or messages you send us.

Information generated by using the Service

  • Sync data — if you turn on sync, encrypted copies of your notes, documents, and attachments are stored on our servers to relay between your devices. If sync is off, nothing about your library ever leaves your device.
  • Usage telemetry — basic, anonymized metrics like app version, crash reports, and feature usage counts. You can disable this in settings.
  • Share links — if you publish a read-only share link, we store the shared note content and access-control settings for that link.
  • Device and log data — IP address, user agent, and request timestamps for sync, sharing, and account requests. Retained for 30 days for security and debugging.

2. What we don't do

  • We do not train foundation models on your notes, documents, or attachments.
  • We do not sell your personal data to advertisers or data brokers.
  • We do not read your notes except in narrow, logged cases where you've asked us to (e.g. a support request where you share access).
  • We do not share your content with AI providers unless you explicitly connect one via MCP or use an in-app AI feature — and then only for that single request.

3. How we use data

  • To operate, secure, and improve the Service.
  • To sync your library across your devices — only when sync is enabled.
  • To send service-related messages (receipts, security alerts, product updates).
  • To provide customer support.
  • To comply with legal obligations.

4. AI providers and the Model Context Protocol

When you use an in-app AI action, the relevant context (typically the current note, optionally linked notes) is sent to the AI provider you have selected. When you connect an external client via the Model Context Protocol, that client reads the specific notes it requests from your library, with your authorization. In both cases:

  • You choose the provider and can change it at any time.
  • The provider's privacy policy applies to that request.
  • We don't store a secondary copy of the content we pass through.
  • Every AI write is reviewable and reversible.

5. Subprocessors

We use a small number of vetted service providers to run Naute. Today this includes:

  • Railway — application hosting (US and EU regions).
  • Loops — transactional and marketing email.
  • Stripe — payment processing.

We'll update this list before adding any new subprocessor that processes personal data. Contact us for the current full list.

6. Cookies and analytics

The naute.ai website uses one cookie to remember your theme preference (dark or light). We do not use third-party advertising cookies. Any product analytics are anonymized and can be disabled in settings.

7. Data retention

  • Account data — for as long as your account is active, plus 30 days after deletion.
  • Waitlist email — until launch or until you ask us to remove it.
  • Billing records — as required by applicable tax law.
  • Logs — 30 days.
  • Sync data — deleted when you turn off sync or delete your account.

8. Your rights

Depending on where you live, you have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. Email us and we'll act within 30 days.

Because your library lives as regular files on your disk, the most important right — take it with you — is built in. Your notes are already yours.

9. International transfers

Naute is operated from the United States and Europe. If you use the Service from another region, your data may be transferred to and processed in those jurisdictions. We rely on standard contractual clauses where required.

10. Children

Naute is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children.

11. Changes to this policy

We'll update the "Last updated" date at the top when we change this policy. For material changes, we'll email account holders at least 14 days before they take effect.

12. Contact

Questions, requests, or complaints? Email us.