This policy describes our actual data practices in plain language. It is provided for transparency and is not legal advice; we recommend having your own counsel review it for your jurisdiction.
The short version
- Your notes are yours. We don't sell your data and we don't show ads.
- There is no AI in Locinote — your content is never used to train models.
- OCR (reading text in your images/PDFs) happens on your device.
- We currently run no analytics or tracking SDKs.
- We don't collect your location.
- You can export everything and delete your account at any time, from inside the app.
Who we are
Locinote ("Locinote," "we," "us") provides a note-taking application for mobile and web. For the purposes of the GDPR and similar laws, we are the data controller for the personal data described here. You can reach us at support@locinote.com.
What we collect
We collect only what's needed to run the service:
- Account information — your email address, and (if you choose to add them) a display name and profile photo. If you sign in with Google or Apple, we receive basic profile details from that provider to create your account.
- Your content — the notes, notebooks, tags, checklists, drawings, and file attachments you create or import, including text that on-device OCR extracts from your images and PDFs to make them searchable.
- Subscription status— whether you're on the free or Pro plan, and when it renews or expires. Payments are processed by the app stores; we do not receive or store your card details.
- Basic technical data— standard request information (such as your device's IP address and user-agent) that our infrastructure necessarily processes to deliver and secure the service.
We do not collect location/GPS data, and we do not run advertising or third-party analytics SDKs.
How we use it
- To provide the app: storing, syncing, and displaying your notes across your devices.
- To authenticate you and keep your account secure.
- To manage subscriptions and entitlements (free vs. Pro).
- To deliver Pro features you use, such as email-to-note.
- To respond to your support requests.
- To meet legal obligations and prevent abuse.
Under the GDPR, our legal bases are: performance of a contract (running the service you signed up for), legitimate interests (security and abuse prevention), consent where required, and legal obligation.
Service providers (sub-processors)
We rely on a small set of trusted providers to operate Locinote:
| Provider | Purpose |
|---|---|
| Google Firebase | Account authentication, cloud database, file storage, and backend functions that host and sync your notes. |
| RevenueCat | Validates in-app purchases and tells us your subscription status. Used on mobile only. |
| Mailgun | Receives inbound email for the optional Pro "email-to-note" feature. Only involved if you use it. |
| Cloudflare & Vercel | DNS and hosting for our website and app delivery. |
Each provider only processes data on our instructions to perform its function. The app stores (Apple, Google) process your payment when you subscribe.
On-device processing
Optical character recognition — reading the text inside your photos and PDFs so you can search them — runs entirely on your device. Your images are not uploaded to a server to be read. Locinote is local-first: your notes are cached on your device for instant, offline access and synced to your account in the background.
Note: photos you add may contain embedded metadata (for example, EXIF location written by your camera). Locinote does not read or use that metadata, but it is stored as part of the original file if you attach it.
Sharing
We do not sell your personal data or share it for advertising. Data is shared only with the service providers above, or when required by law.
If you deliberately make a note public or create a share link, that specific note becomes accessible to anyone who has the link — that's the purpose of the feature. You control this per note, and can revoke it.
Retention & deletion
We keep your data for as long as your account exists. When you delete your account (Settings → Delete account), we permanently remove your notes, notebooks, attachments, and authentication record from our systems. Some information may persist briefly in backups or be retained where the law requires, then is deleted on our normal cycle.
Your rights
Depending on where you live, you have rights to access, correct, delete, and port your data, and to object to or restrict certain processing. Locinote is built to honor these directly:
- Access & portability — export all your notes as ENEX, Markdown, or HTML, any time, for free.
- Erasure — delete your account and data from within the app.
- Correction — edit your notes and profile at any time.
To exercise any right, or to complain to a supervisory authority, contact us at support@locinote.com. See our GDPR & your data page for more.
Security
Your data is transmitted over encrypted connections (HTTPS/TLS) and stored with our cloud provider's encryption at rest. Access is governed by authentication and server-side security rules. No system is perfectly secure, but we work to protect your information and limit access to it.
Children
Locinote is not directed to children under 13 (or the minimum age of digital consent in your country). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
International transfers
Our providers may process data in countries other than yours, including the United States. Where required, such transfers rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses).
Changes to this policy
We may update this policy as the product evolves. We'll change the "last updated" date above and, for material changes, provide a more prominent notice.
Contact
Questions about your privacy? Email support@locinote.com.