Your vault is local
Notes, attachments, and vault folders are stored in the location you choose: a browser-local vault, a browser folder handle, or a desktop filesystem folder.
Privacy
Privacy
Lapis Notes is designed around local files and local app state. This page explains what stays on your device, what can leave it, and where third parties may be involved.
Summary
No hosted account required
Lapis does not currently operate accounts, hosted sync, hosted vault storage, or payment services for the app.
Core telemetry is off by default
The bundled diagnostics plugin is disabled by default. If you enable telemetry settings, diagnostics remain under the configuration you choose.
Plugins can change the picture
Community plugins, embedded web content, remote notebook packages, and external links may make their own network requests.
Information Stored Locally
The app stores vault content locally. Browser vaults may use Origin Private File System, IndexedDB, or File System Access handles. Desktop vaults use folders you select on the filesystem.
Lapis also creates local generated state such as settings, workspace layout, search indexes, metadata caches, recent vault records, and app diagnostics. Desktop builds may store generated app state outside the selected vault in the operating system's app data directory.
When Network Requests Happen
Opening the website or web app loads static files from lapis.md or app.lapis.md. The hosting provider may process normal request data such as IP address, user agent, URL, timestamp, and security logs.
The app can also connect to the network when you open external links, embed remote content, install or run plugins that use the network, run notebook cells that import remote packages or assets, fetch optional model assets, or choose to send information through a bug report or community channel.
Plugins And Third Parties
First-party bundled plugins are part of the app. Community plugins and other third-party services are controlled by their own authors and may have separate privacy practices. Review plugin source, permissions, and network behavior before installing or enabling plugins you do not trust.
Links to the project repository, community spaces, package CDNs, model hosts, or other services are handled by those services under their own policies.
Access, Deletion, And Backups
Because your vault data is local, you control access to it through your device, browser profile, filesystem permissions, backups, and any sync tool you use outside Lapis. Deleting a local vault or browser site data removes the corresponding local data from that environment.
If you send information to maintainers through the project repository, email, or a community channel, use that same channel to request correction or removal where the service allows it.
Changes To This Policy
This policy should change when Lapis adds hosted accounts, hosted sync, payments, new telemetry defaults, or other services that materially affect privacy. The latest version will be published on this page.