Skip to content

Privacy and local data

Onnoir is designed around a local encrypted library. This page explains the practical privacy boundaries in plain language.

Before you start

Privacy depends on both product behavior and your device habits. Use your operating system account security, keep backups in a safe place, and avoid exporting readable Markdown to locations you do not trust.

Step-by-step

  1. Create the local library without an Onnoir account.
  2. Save the recovery key outside Onnoir.
  3. Keep encrypted .onbk backups in a location you control.
  4. Use Markdown export only when you want readable files outside the app.
  5. Choose whether to enable anonymous diagnostics during onboarding or in Settings.
  6. Read contact and bug-report forms before submitting them, because those messages leave the app/site by design.
  7. Treat future sync or publish features as optional unless you explicitly enable them in a later release.

What to expect

The current desktop beta stores the library locally and protects it with local encryption. Anonymous diagnostics are optional. When enabled, they may send app version, platform, feature area, operation result, timing bucket, and crash or fault class to help improve reliability.

Diagnostics never include note text, capture text, search queries, file names, media names, local paths, recovery keys, passphrases, or vault identifiers. Onnoir also stores a small diagnostics state file and local diagnostics log outside the encrypted vault so diagnostics can work before unlock on later launches.

Website download buttons may pass through an Onnoir redirect so aggregate platform/version demand can be counted. That is separate from desktop diagnostics and separate from note content.

Safety notes

Onnoir cannot protect readable exports after you put them somewhere else. A Markdown folder, zip, screenshot, support message, or bug report can contain information you choose to send or store outside the encrypted vault.

Troubleshooting

If you are unsure whether something leaves the device, assume contact forms, bug reports, download redirects, and external links leave the device. Notes, local files, backups, and exports stay under your control unless you move or submit them elsewhere.