noteshot-privacy

NoteShot Privacy Policy

Effective Date: February 26, 2026

NoteShot (“the App”) is developed by Nikolay Mohr (“we”, “us”). This policy describes how the App collects, uses, and protects your information.

1. What NoteShot Does

NoteShot captures, classifies, and organizes screenshots using on-device OCR, heuristic classification, and optional AI enhancement. It includes a share extension for importing content from other apps.

2. Data We Process Locally

The following data is processed entirely on your device and never leaves it unless you explicitly use a feature described in Section 3:

• Screenshots and images you import or share into the App
• OCR-extracted text from your screenshots
• Detected entities (URLs, emails, phone numbers, dates, addresses) parsed from OCR text
• Classification and organization (categories, priority scores, tags)
• Calendar and Reminder drafts created only when you trigger these actions
• Contacts matching runs on-device when you enable it; no contact data is transmitted

All imported content is stored in your device’s local database (via Apple’s SwiftData framework) within an App Group shared between the main app and the share extension.

3. Data Shared with Third-Party Services

3.1 Authentication — Supabase (via Sign in with Apple)

When you sign in, we use Apple’s Sign in with Apple service. Your Apple ID credentials are handled entirely by Apple. We receive and store on our Supabase-hosted backend:

• User ID (a unique identifier)
• Display name (as provided by Apple, which may be a pseudonym)
• Email address (which may be Apple’s private relay address)

This data is used solely to authenticate you and manage your subscription. It is stored on Supabase infrastructure (hosted in the cloud). We do not sell, share, or use this data for advertising.

3.2 Subscriptions — RevenueCat

We use RevenueCat to manage in-app subscriptions. RevenueCat processes:

• Purchase transactions (managed by Apple)
• Subscription status and entitlements
• An anonymous user ID linked to your account

RevenueCat’s privacy policy is available at https://www.revenuecat.com/privacy.

3.3 Cloud AI Enhancement — NoteShot Backend

When you enable cloud AI features, the App sends OCR-extracted text only (not images) to our backend service (hosted on Cloudflare Workers) for enhanced classification. Our backend forwards this text to AI providers (currently OpenRouter) for processing.

• Only recognized text is shared, never your original images
• Processing occurs only while the feature is enabled
• You can disable this at any time in Settings

3.4 On-Device AI — Apple Intelligence

When available and enabled, the App may use Apple’s on-device AI capabilities (Apple Intelligence / Foundation Models) for enhanced classification. This processing happens entirely on your device; no data is sent to Apple or any third party for this feature.

3.5 Analytics — TelemetryDeck

We use TelemetryDeck for privacy-friendly, anonymous product analytics. TelemetryDeck:

• Does not use advertising identifiers (IDFA)
• Does not track individual users across apps
• Collects aggregated, anonymous usage signals (e.g., feature usage counts, error rates)
• Cannot identify individual users

TelemetryDeck’s privacy policy is available at https://telemetrydeck.com/privacy.

3.6 Speech Recognition — Apple

When you use voice memo transcription, the App uses Apple’s Speech Recognition framework. Depending on your device and settings, audio may be processed on-device or sent to Apple’s servers. Apple’s privacy policy governs this processing.

4. Data We Do Not Collect

• We do not use advertising identifiers
• We do not track you across other apps or websites
• We do not sell your personal information to anyone
• We do not collect precise location data
• We do not collect health, fitness, or biometric data

5. Data Retention

• Imported content (screenshots, OCR text, classifications) remains on your device until you delete it
• Account data (user ID, name, email) is retained on our Supabase backend while your account is active
• Subscription data is managed by RevenueCat and Apple according to their respective retention policies
• Analytics data is retained by TelemetryDeck in anonymized, aggregated form

6. Your Rights and Controls

You can at any time:

• Delete imported content within the App
• Disable cloud AI features in Settings to stop sending OCR text to our backend
• Disable auto-import to stop automatic screenshot ingestion
• Revoke permissions (Photos, Calendar, Contacts, Reminders, Microphone, Speech Recognition) in iOS Settings
• Sign out to disconnect your account
• Request account deletion by contacting us (see Section 9)

7. Security

• API keys and session tokens are stored in Apple Keychain
• All network communication uses HTTPS/TLS encryption
• Authentication uses Apple’s Sign in with Apple (OIDC) with no passwords stored
• The share extension accesses shared data only through a secure App Group and Keychain access group

8. Children’s Privacy

NoteShot is not directed at children under 13. We do not knowingly collect personal information from children.

9. Contact

If you have questions about this policy or wish to request account deletion, contact us at:

Email: nikolay.mohr@gmail.com

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through an App update or a notice within the App. The effective date at the top of this page reflects the latest revision.