Saber is an application developed by Adil Hanney that facilitates the user in creating and organising handwritten notes.
This privacy policy will change as the app evolves: you can view any changes on this page and can track the app's progress through the Saber progress discussion and the changelogs on the Releases page.
Data the application uses includes the user's:
- Notes (including images and backgrounds)
- Settings
- Online cloud service (referred to as "the cloud") credentials including:
- the cloud server URI
- the user's username
- the user's passwords to protect notes
- Device advertising ID and associated advertising data*
The application seeks to access the least amount of data possible and uses a zero-trust approach to cloud storage.
*The Android and iOS versions of the app (with the exception of the F-Droid edition) are supported by Google AdMob ads including Google's ad network and other GDPR-compliant ad networks. You can choose between personalized ads and non-personalized ads when you first launch the app, or at anytime on the Settings page. You can also disable ads completely on the Settings page if you wish.
The cloud is used to store and sync the user's notes and settings between the user's devices but is not necessary for the application to function.
To use this feature, users need to make an account on a Nextcloud server of their choice to use as a cloud service. For users who don't want to choose a custom Nextcloud server, the official Saber server — run by Adil Hanney — is hosted at nc.saber.adil.hanney.org.
To maintain privacy, all notes are encrypted before being sent to the cloud. A randomly generated key is used to encrypt the notes. This key and password are stored on the user's device in secure storage, and an encrypted form of the key is uploaded to the cloud.
With any cloud storage, the server owners can see and read any files you upload. This is why Saber encrypts your notes before uploading them to the cloud, so they're unreadable to the server owner.
- All information provided during the sign-up process, including but not limited to your username and email address.
- Information about any device that connects to the server, including but not limited to the device's operating system, browser, and IP address.
- An encrypted (scrambled) form of your notes. However, the server owner can see:
- The size of each note.
- The number of notes you have.
- The last time you edited a note, when it was created, and when you last synced.
- An encrypted (scrambled) form of your encryption key. This is required to enable cross-device syncing.
- Nextcloud is general-purpose software, so the server owner can see any other files you upload to the server and information you provide outside of Saber.
The source code is free and open to the public under the GPLv3 license and is available on GitHub.
How you can delete your data will vary based on which cloud provider you use.
- If you don't use a cloud provider, your data is only stored on your device.
If you delete the app, your data will be deleted with it. Desktop users will
also need to delete the
Saberfolder in your Documents folder. - If you use the default cloud provider, you can head to the account deletion page by going to Settings then "Delete account". You'll get an email with a link to confirm the deletion of your account. Once you click the link, your account will be deleted after a 1 week grace period. If you change your mind, contact me at [email protected] and I'll cancel the deletion.
- If you use a third-party Nextcloud server, there may be a "Delete account" option in the Settings. If not, you may need to contact the server administrator to delete your account. You should see the server's privacy policy for more information.
This application is developed by Adil Hanney. You can contact me at [email protected] for any enquiries, or create an issue on this repo (requires a GitHub account).