# Privacy Policy for DraftToNote Effective date: 2025-09-16 Last updated: 2025-09-16 This Privacy Policy describes how DraftToNote ("the App") collects, uses, and shares information. By using the App, you agree to the practices described below. If you do not agree, please do not use the App. ## 1. Who we are - App: DraftToNote - Developer/Publisher: Adegbola Godwin Abidoye - Contact: info@drafttonote.com - Address: CF10, Cardiff, United Kingdom ## 2. What the App does DraftToNote lets you write and search notes locally on your device. Some features (embeddings and question answering; purchase verification) may contact our backend to provide cloud-assisted functionality. ## 3. Information we collect Depending on how you use the App, we may process: - Account identifiers (if signed in): Firebase user ID (UID), email (for email/password sign-in). - Authentication tokens: Firebase ID tokens to authorize API requests. - Purchases/entitlements: Product identifiers, purchase state, and active subscription/entitlement. We do not receive your full payment card data. - User-generated content (optional): Text you choose to send to the cloud for embeddings/QA. - Diagnostics/usage: Minimal server logs (timestamps, status codes, request identifiers, error traces) for security and debugging. - Device/network metadata: IP address and user agent in server logs. We do not collect precise location, contacts, photos, or microphone recordings. ## 4. How we use information - Provide core features (note-taking, search, embeddings/QA when requested). - Authenticate requests and protect our APIs. - Process purchases and entitlements. - Monitor, secure, and improve the App and backend. ## 5. Sharing and processing by service providers We use trusted third parties to operate parts of the service: - Firebase (Google): Authentication and token verification. - Google Play Billing / RevenueCat: Purchase processing and entitlement management. - OpenAI: Embeddings and/or question answering for text you choose to send. - Cloudflare: Hosts and secures the API Worker; edge and security logging may apply. We do not sell your personal information. ## 6. Where data is stored - On-device: Your notes are stored locally on your device’s app storage. - Cloud: Authentication data, entitlement state, and any text you submit for embeddings/QA are processed on servers operated by our providers and may be stored/processed in their regions (e.g., US/EU). ## 7. Security - Transport security (TLS) for all network requests. - Token verification (issuer/audience checks) on the backend. - Principle of least data and access. - Note: On-device notes are not encrypted by the App; device-level encryption depends on your OS settings. ## 8. Data retention - On-device notes: Kept until you delete them. - Entitlement/purchase records: Retained as required for accounting/compliance. - Server logs: Retained for a limited time for security and debugging (e.g., up to 30 days) unless required longer by law. - Embedding/QA requests: Processed as needed; any retention follows provider policies (see provider documentation). ## 9. Your choices and rights - You can create, edit, and delete notes on your device at any time. - You may request deletion of your account-related data (where applicable) by contacting us at the email below. - If your jurisdiction provides data rights (e.g., GDPR/CCPA), you may request access, correction, deletion, or portability as permitted by law. ## 10. Children’s privacy The App is not directed to children under 13 (or the minimum age in your jurisdiction). Do not use the App if you are under the applicable age. ## 11. International transfers We may process data on servers outside your country. Where required, we rely on appropriate safeguards for international transfers. ## 12. Changes to this policy We may update this Policy from time to time. We will post the new version with an updated “Effective date.” Your continued use of the App means you accept the updated Policy. ## 13. Contact Adegbola Godwin Abidoye CF10 Cardiff, United Kingdom Email: info@drafttonote.com --- ## Google Play Data safety (summary guidance) - Data collected (depending on use): - Personal info: Email (if email/password sign-in), user ID (Firebase UID). - User-generated content: Text submitted for embeddings/QA (optional; only when you use those features). - Purchases: Product IDs and subscription/entitlement status. - App activity/diagnostics: Minimal server logs for reliability and security. - Sharing: Data is processed by Firebase, RevenueCat/Google Play, OpenAI, and Cloudflare for the purposes listed above. - Security: Encrypted in transit; access restricted; limited retention. - Deletion: Users can delete notes locally; account data deletion upon request where applicable.