Notae — Privacy Policy

Effective: February 8, 2026 · Denis Yaremenko

Your Privacy Matters

This Privacy Policy explains how Notae collects, uses, protects, and shares your personal information. By using the Notae application, you consent to the practices described in this policy.

01 Introduction

This Privacy Policy applies to the Notae mobile application ("Application" or "App") for iOS devices, created by Denis Yaremenko ("Service Provider", "we", "us", or "our") as a freemium service.

We are committed to protecting your privacy and being transparent about our data practices. This policy describes:

What information we collect and why
How we use and protect your information
Your rights and choices regarding your data
How we comply with privacy laws and regulations

02 Information We Collect

2.1 Information You Provide Directly

Data Type	Purpose	Required?
Account Information Email address (optional), display name	Optional sign-in, service communications	No (Anonymous login available)
Voice Recordings Audio files you create	AI transcription via Whisper, storage, sync across devices	Yes (for transcription)
Text Content Notes, titles, tags, folders	Note creation, organization, AI enhancement	Yes
Photos Images you upload	Photo scanning via Claude Vision, text extraction	Optional
Payment Information Handled by Apple	Subscription management (processed by Apple, not stored by us)	For Pro subscription

2.2 Information Collected Automatically

Data Type	Purpose
Device Information Device model, iOS version, unique device identifier	Compatibility, bug tracking, support
Usage Data Features used, session duration, interactions	App improvement, analytics, feature development
Performance Data Crash logs, error reports	Bug fixes, stability improvements
Network Information IP address, network type	Service delivery, fraud prevention

2.3 Location Information

✓ We DO NOT collect precise location data

The Application does not track or store your precise GPS location. We may derive general location information from your IP address for analytics purposes only, but never specific coordinates.

03 How We Use Your Information

3.1 Primary Uses

Provide Core Services: Voice transcription, AI text processing, note storage and sync
Process AI Requests: Send your audio/text to Whisper and Claude APIs for processing
Account Management: Authentication, subscription management, user preferences
Sync Across Devices: Use CloudKit to sync your data across your iOS devices
Customer Support: Respond to inquiries, troubleshoot issues, provide assistance

3.2 Secondary Uses

Analytics: Understand usage patterns, improve features, optimize performance
Security: Detect fraud, prevent abuse, protect user accounts
Communications: Send service updates, feature announcements (opt-out available)
Legal Compliance: Meet legal obligations, enforce Terms of Use

04 AI Processing & Third-Party Services

Important AI Disclosure

The Application uses artificial intelligence technologies that process your data through third-party services. By using AI features, you consent to this processing.

Service	Purpose	Data Shared	Privacy Policy
OpenAI Whisper	Voice transcription	Audio recordings	OpenAI Privacy ↗
Anthropic Claude	Text enhancement, AI chat	Text content, prompts	Anthropic Privacy ↗
Claude Vision	Photo scanning, text extraction	Images you upload	Anthropic Privacy ↗
Firebase Auth	Anonymous authentication	Anonymous user ID, tokens	Firebase Privacy ↗
Apple CloudKit	Data sync across devices	All your app data	Apple Privacy ↗

05 Data Storage & Security

5.1 Where Your Data is Stored

Primary Storage: Apple CloudKit (iCloud servers, encrypted)
Local Storage: On your iOS device (encrypted when device is locked)
Firebase: Anonymous authentication tokens, usage statistics (Google Cloud)

5.2 Security Measures

Industry-Standard Security

All data transmitted uses TLS/SSL encryption. Your data in CloudKit is encrypted at rest. All API communications with AI services are authenticated and encrypted.

5.3 Data Retention

Data Type	Retention Period
Voice recordings & notes	Until you delete them or close your account
Account information	Until you delete your account + 30 days
Analytics data	26 months (Google Analytics default)
Crash logs	90 days
Support tickets	3 years (for legal compliance)

06 Data Sharing & Disclosure

✓ We Never Sell Your Data

We never sell your personal information to third parties. We never share your voice recordings with advertisers. We never use your notes for marketing to others.

6.1 When We Share Data

We only share your information in these limited circumstances:

AI Processing: To Whisper and Claude APIs for transcription and text enhancement (necessary for core features)
Service Providers: To Firebase, CloudKit, and other infrastructure providers (under strict data processing agreements)
Legal Requirements: If required by law, court order, or government request
Safety and Security: To prevent fraud, abuse, or protect user safety
With Your Consent: Any other sharing will require your explicit permission

07 Your Privacy Rights

7.1 Access and Control

You have the right to:

Access Your Data: Request a copy of all data we have about you
Correct Your Data: Update or correct inaccurate information
Delete Your Data: Request deletion of your account and data
Export Your Data: Download your notes and recordings
Opt-Out: Unsubscribe from marketing emails

7.2 GDPR Rights (European Users)

Right to access, rectification, erasure ("right to be forgotten")
Right to restrict processing and data portability
Right to object to processing and withdraw consent

7.3 CCPA Rights (California Users)

Right to know what personal information is collected
Right to opt-out of sale of personal information (we don't sell data)
Right to delete personal information
Right to non-discrimination for exercising privacy rights

08 Children's Privacy

Age Restriction

The Application is NOT intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@notaeapp.com.

09 International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States (Firebase, OpenAI, Anthropic servers) and worldwide Apple CloudKit servers (distributed globally).

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) with service providers and adherence to GDPR requirements.

10 Data Breach Notification

In the unlikely event of a data breach, we will investigate immediately, notify affected users within 72 hours (as required by GDPR), explain steps we're taking to prevent future breaches, and report to relevant data protection authorities if required by law.

11 Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by sending an email, displaying an in-app notification, and updating the "Last Updated" date at the top of this policy.

Your continued use of the Application after changes take effect constitutes acceptance of the updated policy.

Privacy Contact

Website: https://notaeapp.com

Email: support@notaeapp.com

Privacy Officer: Denis Yaremenko

We aim to respond to privacy requests within 30 days.
For GDPR-specific requests, please mark your email "GDPR Request".