nab.it is where you keep your tasks, ideas, and notes — so privacy and security aren't a feature, they're part of the product. Here's plainly how it works.
Your data is yours
You own everything you capture. We don't sell your data, and your notes are never used to train AI models. Our analytics measure the loop — how the app is used — never the content of your nabs.
Isolated to your account
Every nab lives under your account and is readable only by you. Database rules deny all direct client writes — changes go through our authenticated server, which enforces who can touch what. Internal and rate-limiting data is fully off-limits to clients, and anything not explicitly allowed is denied by default.
Encrypted in transit and at rest
All traffic is served over HTTPS/TLS, and your data is encrypted at rest on Google Cloud infrastructure. When you connect a calendar, the access tokens get an additional layer of app-level AES-256-GCM encryption with a key derived at runtime — the system refuses to store them in the clear. Sessions are short-lived and can be revoked.
Offline-first by design
nab.it works without a connection. You can capture, organize, and complete with no internet, and everything reconciles when you reconnect. Your data lives on your device too — not only in the cloud — so the app never holds your thoughts hostage to a network.
AI that only suggests
When you ask for help — like turning a quick capture into an organized nab — the AI only ever proposes. It never moves, completes, or deletes anything on its own; you approve each change with a tap. Every AI route is authenticated, rate-limited, and bounded by per-user and global spend caps with an automatic kill switch, and its output is validated against a strict schema. Your content is treated as inert data, never as instructions.
Responsible disclosure
Found something? We want to hear from you. See our responsible disclosure policy and email info@nab.it.com. We act in good faith with researchers who do the same.
Frequently asked
- Is my data private?
- Yes. Your nabs are isolated to your account — only you can read them. We don't sell your data, and your notes are never used to train AI models.
- Does the AI read or train on my notes?
- AI suggestions (like Clarify) send only the text you ask about to our provider for that one request — it isn't used to train models. The AI only ever suggests; it never changes or deletes anything on its own. You approve every change.
- Does nab.it work offline?
- Yes — nab.it is offline-first. You can capture, organize, and complete nabs with no connection; everything syncs when you're back online. Your data lives on your device too, not only in the cloud.
- How is my data protected?
- Everything travels over HTTPS/TLS and is encrypted at rest on Google Cloud. Connected-calendar tokens get an extra layer of app-level AES-256-GCM encryption. Sessions are short-lived and revocable.
- Can I export or delete my data?
- Yes. You can delete your account and data — see our account-deletion page — and you can email info@nab.it.com to request an export. Your data is yours to take or remove.
- How do I report a security issue?
- We welcome responsible disclosure — see our disclosure policy and email info@nab.it.com. We don't take legal action against good-faith research.
This page describes how the product works today; it isn't a warranty or a substitute for our Privacy Policy and Terms.