Updated November 1, 2022
Evernote has always been open about how we protect our users’ data. Our commitment to openness and transparency includes helping our users understand how we respond to third-party requests for account information.
This Transparency Report details—to the extent that we are legally permitted to do so—the number and type of requests for user information that we received in 2021. For criminal and civil requests, we have also provided the number of requests to which we responded by disclosing user data. Such transparency is not permitted for national security requests, but we are able to provide, in bands, the number of customer selectors targeted in the national security process we receive.
|Criminal and Civil
Demands for Data
|Criminal requests from US governmental agencies1||8||6|
|Criminal requests from foreign government agencies||3||0|
|Other third-party legal requests for user information||1||1|
|Number of NSL and FISA
|Number of customer
selectors targeted under
NSL and FISA process received
|US government national security requests2||0-250||0-250|
As outlined in our Information for Authorities page, we require requests for user information to meet minimum criteria in order to be considered.
In addition, we have a policy of notifying a user when we receive a legal request for information related to their Evernote account, except in very limited circumstances, as explained on our Information for Authorities page.
We support efforts to reform practices and laws regulating government surveillance of individuals and access to their information.
1This includes federal agencies like the Federal Bureau of Investigation, as well as state or local law enforcement agencies.
2Currently, the US government does not permit us to disclose the exact number of national security requests received, nor are we permitted to distinguish the number of National Security Letters ("NSLs") received from other types of national security information requests (such as search warrants pursuant to the Foreign Intelligence Surveillance Act ("FISA process")), unless we do so in bands of 1000. We think this restriction decreases transparency and especially harms companies like us that receive no or very few national security requests. If we want to report in smaller bands, we are required to group all types of national security requests together in a range from 0 to 250 as we have done above. We strongly support greater transparency regarding national security requests.
In the event of a conflict, the English language version shall govern.