Information about Syncing & Privacy
Return to support library
TL;DR We don’t want to access any sensitive data and fortunately CloudKit takes care of it.
The team at Shiny Frog cares about producing useful software for macOS, iOS, and Web. We don’t want to sell your personal_ information. In fact, we don’t want to access your data at all. That’s why Bear relies on Apple’s CloudKit technology to sync your notes.
Every piece of information stored within CloudKit is encrypted with Apple’s private keys, and we don’t have access to users credentials or any sensitive data. Every piece of data sent or received from CloudKit is transmitted over a Secure Sockets Layer (SSL), which ensures no one can read your notes during transmission.
We chose CloudKit instead of a file based solution like iCloud, DropBox, or Google Drive because it performs much faster. Plus, CloudKit doesn’t require any registration or login to work; it relies on your iCloud credentials already stored in your devices.
Choosing a solution like CloudKit opens up the possibility to add collaborative features and, eventually, possibly even a web version.
We may access anonymous, in-app usage statistics in order to improve Bear App, but none of those data carry any sensitive information.
Advanced Data Protection
Bear Sync takes advantage of Apple’s Advanced Data Protection when it comes to syncing and storing your notes online on CloudKit. ADP provides a way to take advantage of iCloud and CloudKit, ensuring only you, as the possessor of your iCloud credentials, can decrypt your data. Once ADP is activated, no further steps are required in Bear.
Mind notes’ titles and tags’ names remain unencrypted to guarantee all the functionalities provided by Bear Pro work as expected.
Bear Web
Bear Web can be accessed by any major browser and requires the same iCloud credentials used to access Bear’s notes from Apple devices. The iCloud login provided by Apple triggers warnings and notifications accordingly to the user’s preferences.
The web app has access to your Bear notes and attachments only, and not any other iCloud data nor your credentials. Your Bear data is not saved locally, nor is it passed to servers other than iCloud.
To prevent unauthorized accesses, closing the web app page requires another login unless the ’trust this device’ functionality in the Sidebar ⠇ menu is enabled. The session expires also if you are inactive on the app for a time period controlled by CloudKit. The inactivity period can be extended by enabling the ‘remember me’ checkbox on the iCloud login form.
If ADP is enabled, you can only log in if you also have Two-Factor Authentication enabled and using username and password to log in. Other log in methods does not work with ADP.