Privacy Policy for Notone
Last Updated: May 29, 2026
Introduction
Notone ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how Notone — a personal knowledge management app that connects your notes like neurons — collects, uses, stores, and shares your information. Please read this policy carefully. If you do not agree with its terms, please do not use the app.
Information We Collect
Notes and Knowledge Graph
When you use Notone, we collect and store the content you create, including:
- Note content: The text of your notes, including titles, bodies, and any information you choose to write
- Tags: Labels you attach to notes for organization and search
- Synapse links: The connections you create between notes, including their relationship type and weight
- Time fields: Due dates, schedules, and reminder times you set on notes
- Note metadata: Note type, status, lifecycle, and creation or update timestamps
Account Information
Notone uses Firebase Authentication (provided by Google) to identify your account. Depending on how you sign in, we may store:
- A unique account identifier (an anonymous account ID and a Firebase user ID)
- Your email address, if you sign up with email and password
- A provider identifier from Google or Apple, if you sign in with those services
You can start using Notone anonymously, without providing your name or email. If you sign in later, your existing notes are linked to your account so you can recover them across devices.
Analytics
We use Firebase Analytics to understand how the app is used. Firebase automatically collects:
- App open and session events
- Device model and operating system version
- App version
- General usage patterns (the content of your notes is not included)
This data is aggregated and used to improve the app. We do not include the content of your notes in analytics.
Push Notifications
If you allow notifications, we register a device push token through Apple Push Notification service (APNs) and Firebase Cloud Messaging (provided by Google). Along with the token, we may store your device name and time zone to deliver reminders at the correct time and to help you tell your devices apart. We use this information only to deliver reminders for the time fields you set on your notes.
Device Attestation
We use Firebase App Check (with Apple's App Attest) to verify that requests to our backend come from a genuine, unmodified copy of the app. This helps protect the service from abuse. App Check does not identify you personally.
How AI Features Use Your Notes
Embeddings (OpenAI)
To power semantic search and associative recall, the text of your notes is sent to OpenAI to generate numerical representations called embeddings. This happens automatically whenever you create or update a note. The embeddings are then stored on our infrastructure (Cloudflare Vectorize) to enable similarity search. This processing is essential to the app's functionality and cannot be turned off while using these features.
AI Assistant
When you use the AI assistant (chat) feature, your messages and the relevant notes provided as context are sent to our backend and processed by an AI model to generate a response. By default, this processing is performed by Cloudflare Workers AI on Cloudflare's infrastructure. We only send this content to the AI assistant when you actively use the feature. Your chat history is also stored on your device so you can revisit past conversations.
We do not use your notes to train any AI models, and we instruct our AI providers to process your content only to provide the requested feature.
What We Do NOT Collect
- Your real name (unless you choose to include it in a note)
- Location data
- Health or biometric data
- Contacts, photos, or data from other apps (unless you paste it into a note)
- Advertising identifiers (no advertising is shown and no ATT prompt is presented)
How We Use Your Information
- Notes and knowledge graph: To store, display, search, and connect your notes across your devices
- Embeddings: To provide semantic search, associative recall, and duplicate or contradiction detection
- Account information: To identify you, keep your data tied to you, and let you recover it after re-signing in or changing devices
- Push tokens: To deliver reminders for the time fields you set on notes
- Analytics data: To understand usage and improve the app
Data Storage
Our Backend (Cloudflare)
Your notes, tags, synapse links, and reminders are stored in a per-user database (Cloudflare Durable Objects with SQLite storage). Embeddings used for search are stored in Cloudflare Vectorize. This data is hosted on Cloudflare's infrastructure.
To keep your data tied to you across sign-ins and devices, our backend stores account-linking references. Your email address and sign-in provider identifiers are stored only in hashed form on our backend — your plaintext email is handled by Firebase (Google) for authentication and is not stored in plaintext on our servers.
Cloudflare processes and stores this data in accordance with their privacy policy: cloudflare.com/privacypolicy
On-Device Storage
Notone keeps a local cache of your notes on your device for offline access and performance. Your account ID is also stored securely in the device Keychain and may sync across your own devices via iCloud Keychain so you can recover your account.
Third-Party Services
Cloudflare
- Purpose: Backend hosting, database, and vector search
- Data processed: Notes, tags, links, reminders, embeddings, account ID
- Privacy Policy: cloudflare.com/privacypolicy
OpenAI
- Purpose: Generating embeddings of note text for semantic search
- Data processed: The text of your notes
- Privacy Policy: openai.com/policies/privacy-policy
Firebase (Google)
- Purpose: Authentication, analytics, push messaging, and app attestation
- Data processed: Account ID, email (if provided), device info, usage events, push token
- Privacy Policy: firebase.google.com/support/privacy
RevenueCat
- Purpose: Managing subscriptions and in-app purchases
- Data processed: Account ID, purchase and subscription status
- Privacy Policy: revenuecat.com/privacy
Apple
- Purpose: Processing purchases, push notification delivery (APNs), and Sign in with Apple
- Data processed: Purchase records, push token, Apple provider identifier
- Privacy Policy: apple.com/legal/privacy
Subscriptions and Purchases
Notone may offer paid subscriptions or in-app purchases. Payments are processed by Apple through the App Store; we never receive or store your full payment card details. We use RevenueCat to manage your subscription status and tie it to your account.
Notifications
Notone sends reminders for the time fields you set on your notes. These reminders may be delivered as push notifications via APNs and Firebase Cloud Messaging. To make a reminder useful, the notification may include the note's title and a short excerpt of its content (up to the first 200 characters). This means part of your note content passes through Apple's and Google's push delivery systems. You can manage or disable notifications at any time in iOS Settings.
Your Rights and Data Control
Access and Deletion
- View data: All of your notes and connections are visible within the app
- Delete notes: You can delete individual notes; their links and stored embeddings are removed as well
- Delete your account: You can request deletion of your account and all associated server-side data. When you do, your notes, tags, links, reminders, and embeddings are permanently removed from our backend
- Contact us: You may exercise any of these rights by emailing support@sbryu.com
Children's Privacy
Notone is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
GDPR Compliance
For users in the European Economic Area (EEA):
- We process your notes and account data to provide the service (performance of a contract) and to keep the service secure (legitimate interests)
- Your data is processed by our service providers, including Cloudflare, OpenAI, and Google, who act as data processors or sub-processors
- Some providers may process data outside the EEA; transfers are protected by appropriate safeguards such as standard contractual clauses
- You have the right to access, rectify, delete, restrict, and export your data, and to object to certain processing
- We do not use your data for automated decision-making that produces legal effects
- To exercise your rights, contact us at support@sbryu.com
California Privacy Rights (CCPA)
For California residents:
- We do not sell your personal information
- We do not share your personal information for cross-context behavioural advertising
- You have the right to know what personal information we collect and to request its deletion
- To make a request, contact us at support@sbryu.com
Data Retention
- Notes and account data: Retained until you delete the data or request account deletion
- Embeddings: Retained alongside the notes they represent and removed when those notes are deleted
- Firebase Analytics: Retained per Google's default retention policy (up to 14 months for event data)
- Local cache: Removed when you uninstall the app
Changes to This Privacy Policy
We may update this Privacy Policy when the app's functionality changes. We will notify you by:
- App Store update notes
- Updating the "Last Updated" date on this page
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: support@sbryu.com
Consent
By using Notone, you acknowledge that you have read and understood this Privacy Policy.