Tessellation Software LLC
Privacy Policy Nandemo App

Summary and general principles:
We are all about privacy – we don’t have any access to the information you store in our app (beyond the Title of your Notes and one-line Description of your attachments or Media items and organization and grouping information [like Categories and Keyword Tags]). The information we do have access to we don’t share with any third-party (except when you ask us). Though we do have access to sensitive personal information like your phone and email address, as added precaution, we keep this information on our server only in encrypted form. (See also "Commitment and Enrollment in the EU-U.S. DPF (Data Privacy Framework) and UK and Swiss extensions to that framework" section later in this Policy Statement.)
Personal data stored; how we store it; what we use it for; what we have access to:
  1. We keep the following information from you encrypted on our server in a manner where we have no access to it and no way of assisting ANYONE in providing access to information that is encrypted: (Only you and others you share particular information with can decrypt it.)
    • The body (i.e., content) of all your Notes. (The Title of your Notes and the Title or Name you assign to your Media attachments are kept on our servers unencrypted.)
    • Attachments to your Notes are always encrypted. This includes all Media attachments (where “Media” includes: pictures, video clips, audio clips and files)*.
    • Free-standing Media: Our app offers the capability to bring in copies of Media in your device’s Media library as well as to take pictures, video and audio within the App. Media attachments may exist independently of the Notes they may or may not be attached to. As said, whatever the source, these are transmitted to our server in a manner where we have no access to them. (The ‘Description’ or ‘Title’ of these attachments are kept on our servers unencrypted [whether you assign your own ‘Title’/‘Description’, or, whether you change their name from the customary timestamp or generic name the App/device provides].)
    • The encrypted passwords of each of your Notes and Media attachments/stand-alone Media: Each Note/Media item has its own randomly generated password used by our app. We can’t access these passwords because they are stored on our server encrypted in a manner that only your devices (or other users you share a particular Note/Media item with) can decrypt.
    *Some of these attachment/Media types will be available only in shortly forthcoming versions of our App.

  2. We keep the following information unencrypted on our server:
    • Your First Name, Last Name, City, Country: This is not provided to any third-party (nor do we allow any third-party to access this through us) except:
      • If you share an item of information through our app with another of our app’s users, they will receive this information because they have to know who is offering to share a Note, Media Item or other information with them.
      • If you permit it during onboarding, people may search for you using this information. If you don’t allow others to search for you (and don’t allow them to search for you via your email address or phone number [which requires that this other end user already knows your email or phone number in order to use it to search for you]), they will need to know your Username within our app to search for you.
      • If another user knows your username for this App (that you choose when you onboard [and which is not changeable, so choose one you will keep]), they can search for you by that username. If they find you via username then: First Name, Last Name, City and Country will be shared with them because they will receive your public key, which has this information. The reason they will receive your public key is: They need it in order to make an offer to share their content with you. (You may block any user from sharing with you, but this limited information will be retained within their App.)
    • By using this App you accept that the above 4 items of limited information may be shared in these circumstances with other users.
    • We may use the country code to assign you to a nearest data center when you sync your devices.
    • The Title of a Note and Title/Name/Description of Media and other attachments: We do not share this with anyone except when you make an offer to another of our users to share a particular Note or Media item. But, because this information is unencrypted, it could be compromised in the unlikely event our server is compromised, and we could be compelled by a government entity to turn it over. Especially due to the latter, do not put sensitive information in the Title of a Note or Description of a picture, video, audio clip or other attachment. E.g., “My Retirement Plan” is a better Title than “Blueprint for Bank Heist” (even though the contents of the Note might be the schema for this bank heist)! Note: We do not share this information with any third-party voluntarily, nor do we make it available to third-parties indirectly.
    • Date and Time of creation and modification of Notes and its Media attachments and free-standing Media: We do not share this with anyone (other than those you choose to share with), but this information is on our server unencrypted. We use some of this information to enable our App syncing capabilities to function. (E.g., When a device syncs with our server, we look for only those Notes created/modified at a date/time after the last time said device performed a sync.)
    • Your age range: We use this only internally and never give this out to any third-party. The reason you are asked for this when you onboard is solely to enable us to analyze our app metrics and determine which app functionality is most important to different age groups. None of these metrics are content-related.
    • Metrics of the functions you use within our app: counts, percentages, preferences and time spent using a particular feature. Some examples are below (not an exhaustive list):
      • How many times you use a particular search function (but not what you are searching for);
      • Which View you use in our Preview Screen: Category View/Classic View (percentage time for each)
      • Sort order you use in our Preview Screen: By Title/By Modified Date/Custom Order (and % of time spent in each sort order)
      • Preferences like: Number of lines of a Note Body to display in Preview for a Note; whether you are displaying attachments in the Note bubbles in the Preview Screen.
      These metrics never contain or relate to personal information (other than your age group range [as mentioned]). This information will only be used in aggregate to help us improve our App. It is mandatory that you share this with us (due to complexity of allowing people to opt out). As a consequence, by using our App, you agree to share this information with us.
    • Your X509 Certificate: This contains your public key (that others can use to encrypt information they send to you [where only you can decrypt it with your private key]). It also contains information about you that you have already agreed to share: First name, Last name, City, Country. Other users of our app can look this up via our app if:
      • They know your app username;
      • They know your first and last name and you have decided to enable people to search for you by your first and last name;
      • They know your email address and/or phone number and you have decided to enable people to search for you by email and/or phone number.
    • Digital Signature information: If you use our App to digitally sign a document, you agree that we can keep the digital signature on our server unencrypted along with the said information in your public digital (X509) certificate. This enables us to verify to other people (via use of our website when we, as planned, provide this capability) that a Note, Media (picture, video, audio) or attachment was created by you and not altered by anyone else (nor even by you after the time we receive it). In this case, we still do not keep the document you have sent to someone else, but, the receiver may send the document to us unencrypted for verification purposes. We do not keep the Notes or other content verified after the verification process is complete.
  3. We keep the following information that you provide during onboarding encrypted on our server where we have access to it. (We keep it encrypted so that, in the unlikely event of a data breach on our server, malevolent actors will not be able to gain access to this information.)
    • Your email address: We allow others to search for you by your email address if you allow others to. We never give this out to any third-party (except if you digitally sign content and the third-party already knows your email), nor do we allow third parties to contact you through us by sending information to us to disseminate to you. (I.e., you will not be receiving marketing emails from any third party because you have provided us with your email.) We use this to send you:
      • OTPs:
        • When you first sign up (onboard) with us, we send OTPs to both your email and your phone (to prove you own these and are who you say you are – at least as far as your control of both the email and phone number you provide).
        • When you onboard a new device, we send OTPs to both your email and your phone (as well as require your username and password) before we are willing to enable this device as belonging to you and providing that device with all your Notes, Media attachments, stand-alone Media, etc. (noting that information that is encrypted on the server as stated in #1 above could not be read anyway unless the receiver has: Your username, app password and PIN, and the private key associated with your public key in the X509Certificate created when you onboarded).
        • When you change your App password or App PIN, we send OTPs to both your email and your phone to ensure it is you (and you must be on a device that is logged into the App and therefore must know your old password and PIN).
        • We will also send OTPs in other situations – e.g., if you discontinue service with us (though, we don’t know why you would ever want to do that!) and you decide to exercise your “right to be forgotten” and want your data completely removed from our server (because, we wouldn’t want anyone who didn’t like you to do that to you!), etc.
      • Billing and account maintenance messages: If we can’t charge your card because it has expired, if there is a change in cost that will occur to a plan in the future, if you are running out of capacity in your current plan (and have to decide whether to upgrade or remove some data you don’t need).
      • Important App-related email – examples (but not limited to):
        • We are planning a maintenance outage (or have an unexpected outage) and you won’t be able to sync with our servers for a certain period of time;
        • For security reasons – to notify you that your password or PIN has been changed (although you would have already ok’d that via OTPs).
        • If we have added new features and want to make you aware of these or want to make you aware of a new release that has new features or resolves certain issues. (As few of these as possible – probably less than once per month.)
    • Your phone number: We allow others to search for you by your phone number if they know it beforehand and you allow them to. We never give this out to any third-party (except if you digitally sign content and the third-party already knows your number*), nor do we allow third parties to contact you through us by sending information to us to disseminate to you. (I.e., you will not be receiving marketing messages from us or from any third party because you have provided us with your phone.)
      Message and data rates may apply and you agree to continue to allow messages for these purposes when onboarding and while still using this app.
      We use this to send you:
      • We message you only to send you OTPs, and we do so for the following reasons:
        • When you onboard with us (to prove you own your phone number)
        • When you add a new device (to prove that: it is you; that you own this device; and, that we should send your encrypted information to this device)
        • When you change your password or PIN (as your password and PIN protect the individual passwords of each of your Notes)
        • When you change your email address (to ensure it is you who are changing your address)
        • If you exercise your Right To Be Forgotten (so that we can ensure it is you who is executing this)
        • If you remove (delete) one of your devices
        • If you renew or change your public-private key pair which protects your data (by enabling 2-way SSL connection and when others send the password for information they are sharing with you)
    • If you digitally sign your content (to prove to others you are the author and that no one has changed your content ['content' means: Note, picture, video, audio clip, attachment, etc.] -- i.e., to protect your content from AI and impersonation) and send an extract of your digitally signed content to someone outside of our app, the recipient can use Tessellation's Signature Verification Service through our website to verify that it is really your content and that it is unchanged by anyone else. If the recipient already knows your email and/or phone and they enter it into our web page, we will verify whether the email and/or phone belongs to you and that the person who owns this email and/or phone (i.e., you) did sign the content. If the email/phone does verify, your email/phone number will be part of the results we send back so that the recipient can show that the owner of the content sent is you (i.e., owns your email/phone number) and that it wasn't changed by anyone other than you. Again, they already know your phone number in this case, or they will not receive it as part of a confirmation.
  4. We keep the following information on our server in unencrypted format and we suggest that you do not put sensitive information in any of these items:
    • The Title field of your Note or Description of your attachment or Media Item. While the information mentioned in (1) of this Privacy Statement is encrypted and inaccessible to us (or any malevolent actor who gains access to our server), including the body of a Note and the pictures, video, audio clips and other attachments, the Title of your Note/Description of a Media item or attachment is not encrypted.
    • Category Names that you create to organize your information.
    • Keyword tags that you assign to your Notes.
    • We will not provide this information to any third party or use it ourselves directly or indirectly except for the benefit of operating this application, e.g., when you offer to share your Note or Attachment with another user of our App we will offer the Title or Description of that Item that you entered when asking them whether they wish to accept or reject it. (Your Category Names and Keyword Tags are only shared with your other devices and not shared with anyone else [noting that these are kept on our servers unencrypted – as we don’t deem these to be important enough to encrypt].)
  5. Sharing information: When you make an offer to share information with another end user through our app, we keep this information on our server. We know who you are sharing with and what you shared (only as to the one-line Title or Description you put on the Note, Media item or attachment). This information is kept on our server in an unencrypted manner, but, importantly, only you and the people you share with can actually decrypt and see the content of the Body of your Note (or any picture, video, audio or other attachment). We have no access to the content other than the Title or Description mentioned. (You may also share any of your Notes or other attachments by using the App’s functionality to forward an item via email, Air Drop, or in any other manner your device provides. We have no access to what you have shared if you use this external sharing functionality.) As with all information we have access to, we do not give any information to any third-party or let any third-party use or distribute directly or indirectly (with lawful Government requests being the exception -- again noting that we have no access to the body of your Notes or any attached Media [even to meet a lawful Government request]).
  6. We share subscription payment information with Apple via our App which will transfer your credit card or payment information to Apple so that they can charge you on our behalf every month you are still a subscriber.
  7. When you sync with our server we employ technology that is more advanced than possibly all Apps currently on the market:
    • When you onboard, your device generates a public-private key pair where only you have the decrypted private key. (Your public key is sent to us in a CSR (Certificate Signing Request) so that we can sign it once we have verified your email and phone via OTP. We put your public key and our digital signature of your public key in an X509Certificate. This is all done for you automatically before you use the app to create your first Note. Your private key is encrypted with a very large password created from your App password and PIN and sent to our server in its encrypted form where we are unable to decrypt it. The purpose of keeping this private key [albeit encrypted] on our server is so that we can send it to your other devices when you onboard your other devices.) We will only sign your public key and create an X509Certificate (that you need to connect to our server when you sync) if you provide these two different OTPs when you onboard. In this way we ensure that you are the owner of the email and phone you provided us, AND...Importantly: No one can pretend to be you to add a device and obtain your information (even though they would also need your App Password and PIN to open the App and access your content.)
    • Furthermore, when you sync with our server, it uses this signed public key (in said X509 certificate) to establish the 2-way-authenticated SSL connection with our server. (It is our belief that no other app provides this. Other apps establish a 1-way-authenticated SSL connection – proving to you that you are connecting with the other vendor's website, but not proving to the site you are connecting to that it is you; it could be anyone with your password and PIN who is connecting.) With Tessellation, you not only need to have logged in to our App with your App password and PIN [where you can optionally store the App password in your keychain if it is an Apple device], BUT ALSO, it has to be from a device where you have your private key and X509 certificate with your public key -- providing additional security. Once the connection is established, all data sent is further encrypted during transmission. No App is entirely safe under all circumstances, but we believe we come as close as possible to the highest standard.
    • The App also uses your private key to digitally sign content if you request it to.
How and where we store your personal data and how we protect it:
  1. We use Amazon AWS as our “data processor” (a GDPR term that means they manage the server infrastructure, computers, network and disks on our behalf but do not control this information as we are the “data controller”). Our servers at AWS are protected by secure keys and only we have access to these servers. Only a small group of senior employees specifically designated has access to these servers.
  2. The elements of your information our App encrypts with your password(s) (mentioned in paragraph #1 of the prior section of this Privacy Statement) cannot be accessed – even in the highly unlikely event a malevolent actor gains access to our servers. Even we have no access to said information and no way of decrypting it when it is stored on our server.
  3. Your email and phone number are stored encrypted, but with our password (not with your password(s)) as we need access to this information for the purposes already stated. In the unlikely event of a server breach, it would be extremely difficult for a malevolent actor to gain access to this information.
  4. The information mentioned in the first section of this Privacy Statement that is stored unencrypted (which, we believe is the least sensitive, but you will have to decide for yourself) would be accessible in the unlikely breach of our server security.
  5. We intend to store all information in the United States for now until we grow our revenues to a point where having a data center in Europe, the UK or Asia makes financial sense. This means that the U.S. Government could, technically, order us to provide them with data. As discussed, the value of this data would be limited as we do not have access to your content beyond what has already been mentioned. Reminder: Title or Description and who you shared a Note/item with (if shared internally within this application) are discoverable if a government court order is issued. We will be required to share the data we do have access to upon lawful request by any law enforcement agency or branch of the Government.
We strive to protect your privacy fully and we are all about privacy. Our only revenues from our app are your subscription fees. Though we have many layers of protection – both technical and procedural – and, though we believe that we deploy maximal protections that would render it, we hope, impossible for anyone to access your data, we cannot and do not provide any guarantees and we accept no liability. Having stated this, know that we never transfer your data to any third party (other than the aforementioned use of our Data Processor: Amazon AWS where AWS has no rights to access our data). You use this app at your own risk, though with the assurance that our very reputation rests on maintaining the privacy and security of our end users’ information.
We do not collect information from those under 16 years of age. If we are made aware that a subscriber is under the age of 16 and is using our app without parental consent, we will remove that user from our servers and terminate their use of the application.

Commitment and Enrollment in the EU-U.S. DPF (Data Privacy Framework) and UK and Swiss extensions to that framework:

We commit to all of the principles and rules set forth in the EU-U.S. DPF and its UK and Swiss extensions. The link to the EU-U.S. DPF is here:
EU-U.S. Data Privacy Framework (DPF). The DPF describes the principles to which our organization subscribes. Your complaints or inquiries can be sent to us in either of the two ways mentioned below. We strive to respond to any privacy requests or complaints within 2 weeks and commit to responding to you within 30 days. If you are dissatisfied with our handling of your privacy complaint or issue, you have the right to complain to an independent arbiter to investigate complaints related to non-compliance or non-conformity to DPF principles. The U.S. FTC (Federal Trade Commission) has jurisdiction over any personal data kept by us. In the event you are dissatisfied with the way we address your issue or complaint you have the right to escalate your complaint/issue outside our organization in accordance with the following guide with associated links that outlines a series of escalating steps you may take:
EU-U.S. DPF Procedures for submitting a complaint
As mentioned in prior sections of this Privacy Statement, we have an obligation to disclose your personal data to lawful requests of U.S. Government authorities (but, also, as mentioned, we have very limited access to the personal information that you store with us). You have the right to access the personal information you have stored in our App. You may do so via the app for as long as you are a subscriber during the free period or are a paying subscriber and for one month after you terminate your subscription. (You may only sync with our servers during the free period and while you are a paying subscriber.) To access your information after you end your subscription, you would have to export (i.e., externally share) your Note(s), Media and/or attachment(s) from the app via e-mail, air-drop or the many other mechanisms provided to yourself so that you can continue to access your content outside the App. Further, you have the right to use our website to exercise your “Right to be forgotten” (see ahead) (though we don’t recommend you exercise this right).
As mentioned, we accept no liability in our onward transfer of your data to third parties, although we don’t transfer your data to third parties excepting for our use of Amazon AWS as our data processor and Apple for subscription and payments. In both cases, we exercise precautions in accordance with our high-level expertise and do not permit Amazon to use your data for their own purposes. AWS is where our servers sit and they provide infrastructure support to us for our servers, networking, communications, etc. Our “data processor” (AWS) has certified to the EU-U.S. Data Privacy Framework (DPF) that they adhere to the DPF principles and therefore will not use any data we store with them that they might have access to. (Their access is even more limited than ours and, as repeatedly stated, our access is extremely limited.)

We reserve the right to change this Privacy Policy at any time. For any substantive change, we will notify you via email and/or through a link in our App.

How to contact us concerning Privacy issues:

Other than in India

Via mail:
Tessellation Software LLC
58 Sylvan Road N
Westport, CT 06880-2942, U.S.A.
Attn: Privacy Officer

Via email:
Send an email to: privacy@tessellationsoftware.com with ‘Subject:’ starting with any of the following:

Privacy Inquiry
Privacy Request
Privacy Complaint

In India

Via email:
Send an email to:
Pravin Kulkarni (Data Protection Officer)
pkulkarni@tessellationdev.com

In the event you feel your issue is not addressed, after exhausting your avenues of addressing your concern or request with us, you have the right to send your issue to the Data Protection Board Of India.

Right to be forgotten:

You have the right to have all your data erased from our server infrastructure. If you request this, your app will not be able to sync with our server again and all our information about you will be erased (except for the username you chose for this App [which we keep out of commission so that someone else doesn’t claim it and confuse others by pretending to be you]). We urge you not to exercise this right because:

  1. We have no real access to your content anyway (beyond the limited information already mentioned); and,
  2. It prevents you from restoring your account later should you wish to subscribe in the future. (If you exercise this “Right to be forgotten” and you later decided that you did wish to subscribe again, you would have to start with a different username initially having no content in the App.) We will keep your data for at least 3 months (and for no more than 14 months) if you stop subscribing in case you changed your mind. We will keep your phone and email address encrypted (as it is always stored) if you don’t exercise your “Right to be forgotten”. These will then solely be used to communicate with you if you decide to resubscribe.
To exercise this “Right to be forgotten”, please use our webpage: Right To Be Forgotten
You will enter your username and need to provide OTPs sent to your email and your phone (to prevent others from pretending to be you and causing your data to be erased). Your username will be retired once you are no longer a subscriber and you have either exercised your “Right to be forgotten”, so that no one can use it in the future and pretend to be you.