Privacy Policy for NotesAI

Last Updated: February 25, 2026

Introduction

NotesAI ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Account Information

• Email address (when you sign up)
• Name (if provided through social login)
• Authentication tokens

Content You Create

• Notes and their content
• Voice recordings (processed in real-time, not permanently stored)
• Usage timestamps

Automatically Collected Information

• Device information (OS version, device model)
• App usage statistics
• Error logs and crash reports

How We Use Your Information

We use your information to:

• Provide and maintain the NotesAI service
• Process your voice commands through AI services
• Sync your notes across devices
• Improve our app and user experience
• Send service-related notifications
• Respond to your support requests

Data Storage and Processing

Your Notes

• Stored securely in our Supabase database
• Encrypted in transit (TLS/SSL)
• Accessible only to you through your account

Voice Data

• Processed in real-time by Google Gemini AI and/or OpenAI
• Audio is sent to AI providers for transcription and command processing
• We do not store raw audio recordings on our servers
• Audio is transmitted over secure WebSocket/WebRTC connections
• Subject to Google's and OpenAI's privacy policies:
  • Google AI/Gemini: https://ai.google.dev/gemini-api/terms
  • OpenAI: https://openai.com/policies/privacy-policy

Third-Party Services

We use the following third-party services:

• Supabase (Database & Authentication) - Privacy Policy
• Google Gemini AI - Privacy Policy
• OpenAI (Optional) - Privacy Policy
• Google Sign-In / Apple Sign-In - Subject to Google/Apple privacy policies

Data Retention

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion
• Inactive Accounts: Accounts inactive for 2+ years may be deleted after notice

Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your notes
• Opt out of non-essential data collection

To exercise these rights, contact us at: support@notesai.app

Data Security

We implement industry-standard security measures:

• Encrypted data transmission (TLS/SSL)
• Row-level security policies in our database
• Secure authentication (OAuth 2.0)
• Regular security audits

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's Privacy

NotesAI is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by updating the "Last Updated" date and sending an in-app notification.

Contact Us

If you have questions about this privacy policy:

Email: support@notesai.app

California Privacy Rights (CCPA)

California residents have additional rights under the CCPA. We do not sell your personal information.

European Privacy Rights (GDPR)

EEA residents have rights under the GDPR, including rights to access, rectification, erasure, and data portability.