Security

The short version

• EU hosting on Hetzner. Your data does not leave the EU.
• Encrypted in transit (TLS 1.2 or higher) and at rest (full-disk encryption).
• OAuth-based MCP authentication with scoped, revocable tokens.
• Daily offsite database backups, weekly server snapshots, 30 day retention.
• No training on your notes.
• No third-party analytics read note content.
• Full data export anytime. Account deletion from settings (password confirmation required).

Certifications

No formal certifications yet. No SOC 2, no ISO 27001, no HIPAA.

Hjarni is a solo founder operation. Those audits cost five figures a year and take months of work. They make sense once there's enterprise revenue to justify them, and they're on the roadmap when that day comes. Until then, this page is what you get.

If your use case requires SOC 2 or HIPAA today, Hjarni isn't the right fit yet. Email me with what you're storing and I'll be straight with you.

Hosting and infrastructure

Hjarni runs on Hetzner Cloud in Germany. Hetzner is an EU-owned company operating ISO 27001 certified data centres. All your notes, attachments, and account data live on encrypted disks in the EU.

TLS is terminated at the application server using Let's Encrypt certificates managed by the deployment proxy.

Encryption

• In transit: TLS 1.2 or higher between your device and Hjarni.
• At rest: full-disk encryption on the application server and on backup storage.

Hjarni does not currently offer end-to-end encryption. The MCP server needs to read your notes in plaintext to return them to your AI client. If end-to-end encryption is non-negotiable for your use case, an app like Reflect is a better fit. I'd rather tell you that than oversell what Hjarni does.

Authentication

• Email and password, hashed with bcrypt.
• Sign in with Google.
• MCP connections use OAuth 2.0. Each AI client gets its own scoped token. You can revoke any token from settings.

Two-factor authentication is on the roadmap. Sign in with GitHub is also planned.

How AI clients see your data

When you connect Claude, ChatGPT, or another MCP client, the client sends authenticated requests to the Hjarni MCP server. The server returns the notes, folders, and search results the request asked for. Nothing else.

What Hjarni stores about these connections:

• Request metadata (timestamp, tool name, account ID) for 30 days, for debugging and abuse prevention.
• The content of your AI conversations is never logged.
• Note content is never sent to Anthropic, OpenAI, or any AI provider by Hjarni. The AI client makes those calls on your machine.

Backups and recovery

Two layers:

1. Nightly database backups to offsite object storage, 30 day retention.
2. Weekly full server snapshots via Hetzner.

Data handling

• No training on your notes. Not by Hjarni, not by any subprocessor.
• No third-party analytics tools (no Google Analytics, no Mixpanel) operate on note content.
• Marketing site analytics are privacy-first and stay on the marketing site.

Subprocessors

The companies that process data on Hjarni's behalf:

Material changes to this list are announced by email.

Payments

Card details go directly to Stripe. Hjarni never sees or stores your card number. Stripe is PCI-DSS Level 1 certified.

Your rights

• Export everything as Markdown anytime from settings.
• Delete your account anytime from settings. Data is removed within 30 days, including from backup rotations.
• Request a copy of personal data held: evert@hjarni.com.
• Lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) if needed.

See the Privacy Policy for the full GDPR breakdown.

Reporting a security issue

Email evert@hjarni.com. Responsible disclosure is appreciated. No bug bounty programme yet, but I'll respond fast and credit you publicly if you'd like.

On the roadmap

• Two-factor authentication
• Sign in with GitHub
• Per-account audit log
• SOC 2 Type I when revenue justifies the audit cycle
• Customer-managed encryption keys (later)