This Privacy Policy explains how Notae collects, uses, protects, and shares your personal information. By using the Notae application, you consent to the practices described in this policy.
1. Introduction
This Privacy Policy applies to the Notae mobile application ("Application" or "App") for iOS devices, created by Denis Yaremenko ("Service Provider", "we", "us", or "our") as a freemium service.
We are committed to protecting your privacy and being transparent about our data practices. This policy describes:
- What information we collect and why
- How we use and protect your information
- Your rights and choices regarding your data
- How we comply with privacy laws and regulations
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Purpose | Required? |
|---|---|---|
| Account Information Email address (optional), display name |
Optional sign-in, service communications | No (Anonymous login available) |
| Voice Recordings Audio files you create |
AI transcription via Whisper, storage, sync across devices | Yes (for transcription) |
| Text Content Notes, titles, tags, folders |
Note creation, organization, AI enhancement | Yes |
| Photos Images you upload |
Photo scanning via Claude Vision, text extraction | Optional |
| Payment Information Handled by Apple |
Subscription management (processed by Apple, not stored by us) | For Pro subscription |
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| Device Information Device model, iOS version, unique device identifier |
Compatibility, bug tracking, support |
| Usage Data Features used, session duration, interactions |
App improvement, analytics, feature development |
| Performance Data Crash logs, error reports |
Bug fixes, stability improvements |
| Network Information IP address, network type (Wi-Fi/cellular) |
Service delivery, fraud prevention |
2.3 Location Information
The Application does not track or store your precise GPS location. We may derive general location information from your IP address for analytics purposes only (e.g., "United States" or "Ukraine"), but never specific coordinates.
3. How We Use Your Information
3.1 Primary Uses
We use your information to:
- Provide Core Services: Voice transcription, AI text processing, note storage and sync
- Process AI Requests: Send your audio/text to Whisper and Claude APIs for processing
- Account Management: Authentication, subscription management, user preferences
- Sync Across Devices: Use CloudKit to sync your data across your iOS devices
- Customer Support: Respond to inquiries, troubleshoot issues, provide assistance
3.2 Secondary Uses
- Analytics: Understand usage patterns, improve features, optimize performance
- Security: Detect fraud, prevent abuse, protect user accounts
- Communications: Send service updates, feature announcements (opt-out available)
- Product Development: Develop new features, test improvements
- Legal Compliance: Meet legal obligations, enforce Terms of Use
3.3 Marketing Communications
We may send you:
- Important service updates and security alerts (cannot opt-out)
- New feature announcements (can opt-out)
- Tips and best practices (can opt-out)
You can manage email preferences in the app settings or by clicking "unsubscribe" in any marketing email.
4. AI Processing and Third-Party Services
4.1 AI Service Providers
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| OpenAI Whisper | Voice transcription | Audio recordings | OpenAI Privacy |
| Anthropic Claude | Text enhancement, summarization, AI chat | Text content, prompts | Anthropic Privacy |
| Claude Vision | Photo scanning, text extraction | Images you upload | Anthropic Privacy |
4.2 How AI Processing Works
- You create a voice note or upload a photo
- We send your content to the AI service via secure API
- The AI service processes your content (transcribes audio, analyzes text/images)
- The result is returned to our app and saved to your account
- Your original content and AI results are stored in CloudKit
4.3 AI Data Retention by Third Parties
OpenAI: Processes audio for transcription but does not retain audio after processing (per their zero-retention policy for API users)
Anthropic: May temporarily store prompts for service improvement but does not train models on your data (per their privacy policy)
Note: These are third-party policies subject to change. Please review their privacy policies for current information.
4.4 Other Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Authentication | Anonymous user authentication, subscription management | Anonymous user ID, device identifier, authentication tokens (no email required) |
| Google Analytics for Firebase | Usage analytics | Device info, usage patterns, anonymized data |
| Firebase Crashlytics | Crash reporting and diagnostics | Device info, crash logs, stack traces |
| Apple CloudKit | Data sync across your devices | All your app data (notes, voice recordings, settings) |
| Apple StoreKit | Subscription management | Purchase history (handled by Apple, not accessible to us) |
5. Data Storage and Security
5.1 Where Your Data is Stored
- Primary Storage: Apple CloudKit (iCloud servers, encrypted)
- Local Storage: On your iOS device (encrypted when device is locked)
- Backup: iCloud backup (if enabled in iOS settings)
- Firebase: Anonymous authentication tokens, usage statistics, analytics (Google Cloud)
5.2 Security Measures
- Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption
- Encryption at Rest: Your data in CloudKit is encrypted, and local device storage is protected by iOS encryption
- Secure APIs: All API communications with AI services are encrypted and authenticated
- Access Controls: Strict access controls limit who can access user data (only authorized personnel for support)
- Regular Audits: We conduct security reviews and update our practices regularly
- No Plain Text Storage: Sensitive data is never stored in plain text
5.3 Data Retention
| Data Type | Retention Period |
|---|---|
| Voice recordings & notes | Until you delete them or close your account |
| Account information | Until you delete your account + 30 days |
| Analytics data | 26 months (Google Analytics default) |
| Crash logs | 90 days |
| Support tickets | 3 years (for legal compliance) |
6. Data Sharing and Disclosure
6.1 We DO NOT Sell Your Data
✓ We never share your voice recordings with advertisers
✓ We never use your notes for marketing to others
6.2 When We Share Data
We only share your information in these limited circumstances:
- AI Processing: To Whisper and Claude APIs for transcription and text enhancement (necessary for core features)
- Service Providers: To Firebase, CloudKit, and other infrastructure providers (under strict data processing agreements)
- Legal Requirements: If required by law, court order, or government request
- Safety and Security: To prevent fraud, abuse, or protect user safety
- Business Transfers: In case of merger, acquisition, or sale of assets (users will be notified)
- With Your Consent: Any other sharing will require your explicit permission
6.3 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify you individually, such as:
- Usage statistics (e.g., "70% of users use voice recording daily")
- Performance metrics (e.g., "average transcription time: 3 seconds")
- Feature adoption rates
7. Your Privacy Rights
7.1 Access and Control
You have the right to:
- Access Your Data: Request a copy of all data we have about you
- Correct Your Data: Update or correct inaccurate information
- Delete Your Data: Request deletion of your account and data
- Export Your Data: Download your notes and recordings
- Opt-Out: Unsubscribe from marketing emails
- Restrict Processing: Limit how we use your data
7.2 How to Exercise Your Rights
To access, correct, or delete your data:
- In-App Settings: Most data management available in Settings > Privacy
- Email Request: Contact [email protected] with your request
- Account Deletion: Settings > Account > Delete Account (permanent action)
We will respond to requests within 30 days as required by law.
7.3 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of sale of personal information (we don't sell data)
- Right to delete personal information
- Right to non-discrimination for exercising privacy rights
7.4 European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right to access your data
- Right to rectification (correction)
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
8. Children's Privacy
8.1 Age Restrictions
We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will:
- Delete the information immediately
- Terminate the account
- Notify parents/guardians if contact information is available
8.2 Parental Notification
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take prompt action to remove such information.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including:
- United States: Firebase, OpenAI, and Anthropic servers
- Worldwide: Apple CloudKit servers (distributed globally)
We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses (SCCs) with service providers
- Compliance with Privacy Shield principles (where applicable)
- Adherence to GDPR requirements for data transfers
10. Cookies and Tracking Technologies
10.1 Mobile App Tracking
The Application does not use traditional "cookies" but does use similar technologies:
- Analytics SDKs: Firebase Analytics tracks usage patterns
- Device Identifiers: iOS Identifier for Vendors (IDFV) for analytics
- Local Storage: Stores app settings and data locally on your device
10.2 iOS App Tracking Transparency (ATT)
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Investigate the incident immediately
- Notify affected users within 72 hours (as required by GDPR)
- Provide details about what data was affected
- Explain steps we're taking to prevent future breaches
- Offer guidance on protecting your account
- Report to relevant data protection authorities if required by law
12. Third-Party Links
The Application may contain links to third-party websites or services (e.g., OpenAI, Anthropic privacy policies). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
13. Business Transfers
If Notae is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity. We will:
- Notify you via email and/or prominent notice in the app
- Provide at least 30 days' notice before transfer
- Give you the option to delete your data before transfer
- Ensure the new entity honors this Privacy Policy
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New features or services
- Legal or regulatory requirements
- User feedback and best practices
14.1 How We Notify You
For material changes, we will notify you by:
- Sending an email to your registered email address
- Displaying an in-app notification
- Posting the updated policy on our website
- Updating the "Last Updated" date at the top of this policy
Your continued use of the Application after changes take effect constitutes acceptance of the updated policy. If you do not agree to changes, you must stop using the Application and delete your account.
15. Your Consent
By using the Notae Application, you consent to:
- The collection and use of information as described in this Privacy Policy
- Processing of your voice recordings and text by AI services
- Storage of your data in CloudKit and Firebase
- International data transfers as described above
You may withdraw your consent at any time by deleting your account, but this will prevent you from using the Application's services.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
📧 Privacy Contact
Website: https://notae-production.web.app
Email: [email protected]
Privacy Officer: Denis Yaremenko
Response Time: We aim to respond to privacy requests within 30 days
For GDPR-specific requests, please mark your email "GDPR Request"
17. Data Protection Officer
For European users, our Data Protection Officer can be reached at:
- Email: [email protected]
- Response Time: 30 days for GDPR requests
18. Supervisory Authority
European users have the right to lodge a complaint with thei