Privacy and Security

⬅Back to Lander

-

= Privacy and Security =

This section seeks to explain all important information relating to NovelAI's high standard in the protection of user data.


 * Privacy and Security
 * Encryption
 * Local Storage
 * Remote Storage
 * Account Termination
 * Changing Your Password

-

Encryption
Encryption is performed through the AES-256 standard. It possesses incredible entropy, meaning brute force attacks are practically impossible.

The combination of your User ID and password generates an unique Authentication Token on login. It lets the server know it's you, allowing it to know about your subscription, your settings, and which stories you own that are hosted on the server.

Logging in also creates an Encryption Key which is used to decrypt a Keystore.

The Keystore contains individual keys to each of your stories. The Keystore is also encrypted. Without the encryption key, the keystore cannot be accessed, and thus, your stories cannot be accessed. Even if someone were to obtain data from NAI's servers, they would not be able to recover any human-legible data from it.

All decryption is done solely on your device. However, generation requests are unencrypted. This is unavoidable: the GPU that runs the AI cannot process encrypted data. The GPU and Novel AI do not perform any logging of this data.



⬆ Return to Page Top

-

Local Storage
Stories are locally stored using your browser's Indexed Database in JSON format. The entirety of War and Peace is 3 MB of text, so you really don't have to worry about bloat.

Remember that your browser cannot record things permanently in Private/Incognito mode, so any stories made in such a session must be exported, or they will be permanently lost!

If you use cleaning software such as CCleaner, you might erase these databases. As a result, make sure you back up anything you really want to keep.

Storage is per device and per browser, so changing browsers will not let you access stories made on the previous one. This also applies if you use your phone instead of your computer, so you should use serverside hosting if you want to have access to stories anywhere.

Keep in mind that most browsers purge unused database entries after some time. Make sure you back up your stories regularly!

⬆ Return to Page Top

-

Remote Storage
Remote storage stores your stories in encrypted JSON on NovelAI's servers. They cannot read it without your auth token, which they do not store. All it knows about saved JSON files is their owner. There is no limit to how much storage you can request, as text compresses very easily and takes little space.

⬆ Return to Page Top

-

= Account Management =

All info here is a placeholder. It will be completed when possible.

Account Termination
Visit your Account Settings if you wish to request to Delete your Account. Once the procedure is completed, NovelAI purge all data that corresponds to your account permanently. You will not be able to recover any stories you have not backed up.

After tapping Request, you will need to enter the email address registered to your account to continue. This will send you a confirmation link you may use to delete your account.



Once you have the confirmation link, you have one more chance to abandon the account deletion process. If you are still completely sure you want to delete your account permanently, you may do so here.



⬆ Return to Page Top

-

Changing Your Password
You can change your password. This will re-encrypt all of your content, but you will not lose access to any of it.





If you fail to log in, you can click Reset password and follow the steps. Keep in mind that you will lose access to all serverside stories permanently if you change your password due to how the encryption works.

If the process fails you can try contacting the NovelAI support at support@novelai.net.

⬆ Return to Page Top