Effective Date: 1 February 2026
Welcome to Notedock! This Privacy Policy explains how Notedock Ltd ("Notedock", "we", or "us") collects, uses, shares, and protects your personal information when you use the Notedock mobile application (the "App") and related services. Notedock is an iOS-only note-taking app that prioritizes your privacy and security by design. By using Notedock, you agree to the practices described in this Privacy Policy and to our Terms of Service (which incorporate this Privacy Policy). We encourage you to read this policy carefully to understand our data practices and your privacy choices. If you have any questions, please contact us at support@notedock.ai.
Notedock is intended for users age 16 and above. We do not knowingly collect personal information from children under 16 years old. If you are under 16, please do not use Notedock or submit any personal data. If we learn that we have inadvertently collected information from someone under 16, we will delete it promptly. Parents or guardians who believe Notedock may have collected data from an under-16 minor can contact us at our support email so we can remove it.
TL;DR
We collect only the data needed to run Notedock, keep your notes synced, power optional AI and analytics, improve reliability, and understand how the app is used. We never sell your personal data.
When you sign up, we collect your name and email address. Notedock uses email-based sign-up only and does not use Google, Apple, or other OAuth logins. We also securely store your login credentials in hashed form to authenticate your account.
This includes the notes, documents, attachments, images, and other content you create or store in Notedock. Your notes are private to you. We do not access or use your content for any purpose other than providing services you choose, such as syncing, backup, search, and optional AI features. You remain the owner of all content you store in Notedock. Your notes are encrypted at rest on our servers and encrypted in transit between your device and our systems.
We collect certain device metadata and app usage information to ensure Notedock functions correctly on your device. This may include device model, operating system version, unique device identifiers, IP address, and timestamps of app access. We use this data for troubleshooting, compatibility, and analytics.
If the app crashes or encounters errors, crash logs and diagnostic information are collected through Firebase Crashlytics. This may include device state, OS, app version, and error codes at the moment of the crash. Crash logs typically include only technical data and not your note content.
We use analytics tools such as Mixpanel to gather anonymous or pseudonymous information about how you use Notedock. This includes events such as feature usage, screens viewed, and other interactions that help us understand engagement and improve the product. These analytics may include device identifiers or a user ID, but never your note content. You can opt out of certain analytics through app settings where available.
If you choose to use Notedock's optional AI features, we process the text you input or select for AI operations. This may include portions of your notes when you request an AI summary, rewrite, or similar feature. The relevant text is sent securely to our AI providers, such as OpenAI or Voyage AI, to generate the requested result. This data is used solely to deliver the AI output you requested. Neither Notedock nor our AI partners use this data to train their models.
If you visit our website or interact with Notedock advertisements, we and our marketing partners may collect limited data through cookies or similar technologies. For example, our website may use the Meta Pixel and our app uses Singular for attribution. This data may include which ad or link you clicked, approximate location, device information, and install events. This helps us measure marketing effectiveness. We never sell this data or use it for third-party advertising. We fully comply with Apple's App Tracking Transparency requirements and request tracking permission when required.
Notedock does not collect sensitive personal data such as financial information, as all payments are handled by Apple. We do not access your device's contacts, photos, or location unless you explicitly choose to attach or share content. Our goal is to collect only what is necessary to provide and improve the service.
TL;DR
We use your data only to run Notedock, provide core and optional features, improve the app, keep accounts secure, and meet legal requirements. Your notes remain private and are never used for advertising or AI model training.
We use your data to create and maintain your account, allow you to log in, and sync your notes across devices. Your email may also be used for essential account-related notices, such as password resets or confirmations.
The notes, files, and other content you add are stored securely and linked to your account so you can access them across your devices. Your content is used only to enable features you choose, such as search or organization. We do not read or use your notes for any unrelated purpose.
If you use optional AI features, the input you provide (such as selected text or note content) is sent securely to our AI providers to generate the result. This data is used only to deliver the specific AI output you requested and is not used to train AI models.
We use aggregated or pseudonymous usage information to understand how features are used and where improvements are needed. This helps guide design changes, bug fixes, and feature development. Analytics do not include the content of your notes.
Crash logs and diagnostic information help us identify and fix technical issues. If you contact our support team, we use your email and any information you provide to respond and assist you.
We may use your email to send essential service-related messages, such as updates to terms, security alerts, or important product changes. We may also send optional newsletters or product updates if you choose to receive them. You can unsubscribe from marketing emails at any time.
We use certain data, such as device information, IP addresses, and usage patterns, to detect fraud, prevent abuse, enforce our Terms of Service, and protect the safety of Notedock and its users.
In specific situations, we may need to use or disclose your data to comply with legal obligations. This includes responding to lawful requests or maintaining certain records for financial or tax purposes. We always limit disclosures to the minimum amount required.
We do not use your personal information for any purposes beyond those listed here without your consent. If new data uses are introduced, we will update this Privacy Policy and notify you when legally required.
TL;DR: We only share your data with trusted service providers who help us run Notedock. We never sell your personal information. We share only what's necessary, and only for the purposes described below.
We use trusted third-party companies to help us operate Notedock. These service providers perform tasks such as cloud hosting, data storage, analytics, email delivery, AI processing, and crash reporting on our behalf. These parties are contractually bound to use your data only to perform the services we have hired them for and not for any other purpose. They have access only to the information needed to perform their specific functions and must protect it in accordance with this Privacy Policy and applicable laws.
All billing and purchases for Notedock premium features or subscriptions are handled through Apple's in-app purchase system. When you subscribe or make a purchase in the App, it is processed by Apple. Notedock does not receive or store your payment card details or billing information; we only receive confirmation from Apple that your purchase was successful, along with basic information such as your subscription tier and renewal status. Your financial information remains with Apple. Refunds and billing issues are handled through Apple's App Store, and we assist where appropriate.
Notedock's servers and databases (where your notes and data are stored) may be hosted on reputable cloud platforms such as Google Firebase. These services store data securely in encrypted form and act as processors on our behalf. They do not access your personal data except as needed to maintain the service. Your data may be processed on servers in the United States or other jurisdictions; where required, we implement appropriate safeguards for international data transfers.
We share certain pseudonymous data with analytics services like Mixpanel. This may include user IDs, device information, and event data (such as "user created a note"), but not the content of your notes. These partners help us understand usage patterns and improve the app. They are not permitted to use the data for any purpose other than providing analytics services to us.
Our crash reporting tool (Firebase Crashlytics) receives crash data such as device type, OS, and technical stack trace information when the app fails. This information is used solely to diagnose and fix crashes. Crashlytics may assign a random unique ID to group related crashes. No personal note content is intentionally included in crash reports.
For AI-powered features, we send only the minimum necessary input text to AI providers such as OpenAI or Voyage AI in order to generate the requested result. We take steps to exclude unnecessary personal identifiers whenever feasible. Our AI providers do not use your data to train their general models or retain it beyond delivering the requested output. They process your data solely to return the result you requested and for no other purpose. We do not allow any AI provider to contact you or use your information outside of fulfilling your specific request.
If we run marketing campaigns, we may use tools such as the Meta Pixel on our website and Singular in our app to understand the effectiveness of advertising. If you interact with a Notedock ad, these services may collect non-personal data such as device information, approximate location, or an advertising identifier (if you grant permission). No personal notes or in-app content is ever shared. This data helps us measure campaign performance and is not used by these partners to profile you beyond our marketing activities. If you decline tracking permission on iOS, we fully respect that choice.
We may generate aggregated or de-identified statistics that cannot identify you personally (for example, the total number of notes created by all users). We may share or publish such information for business analysis or product improvement. Aggregated data contains no personal details.
We may disclose your information if required by law or when we believe in good faith that disclosure is necessary to comply with a valid legal request, enforce our Terms of Service, prevent fraud or security issues, or protect the rights, property, or safety of Notedock and our users. We disclose only the minimum amount of information necessary. When permitted, we will attempt to notify you if we receive a legal request for your data.
If Notedock or Notedock Ltd undergoes a merger, acquisition, sale of assets, financing, or bankruptcy, your data may be transferred to a successor or affiliate as part of that transaction. Any new entity will be required to protect your data in accordance with this Privacy Policy. If ownership changes, we will notify you and provide an opportunity to delete your data if you do not wish to continue.
In any situation not covered above, we will share your personal information only with your explicit consent. For example, if we ever wish to use your testimonial or a story involving your identity, we will ask for permission first. Without your consent, we will not share your personal data with third parties for purposes not described in this Privacy Policy.
TL;DR
We use strong technical and organizational safeguards—including encryption, access controls, secure infrastructure, and continuous monitoring—to protect your data. No system is 100% secure, but we follow industry best practices and will notify you if a data breach occurs.
All data exchanged with Notedock is encrypted in transit using HTTPS/TLS. This protects your data when syncing notes, logging in, or interacting with our servers. Your data is also encrypted at rest on our servers, such as when stored in encrypted databases. We follow industry best practices, including AES-256 for data at rest and modern TLS protocols for data in transit. Even if storage were compromised, encrypted data would not be readable without authorization.
We restrict access to personal data to only those employees, contractors, and service providers who need it to perform their duties. Access to production systems requires authentication and is logged and audited. Our team is trained on data privacy and security practices, and we enforce strict access control policies to protect sensitive systems.
Notedock runs on reputable cloud infrastructure such as Google Firebase or similar providers. These platforms offer strong physical and network security. We employ firewalls, network monitoring, and other defenses to prevent unauthorized access. Our servers are located in secure data centers with multiple layers of protection.
We perform encrypted backups of user data to ensure reliability and business continuity. Backups help protect against server failures or accidental deletion. All backups are encrypted and kept only for the period necessary to support the service.
We regularly apply security patches and updates to both our application and backend systems. We may conduct periodic security audits or penetration testing with external experts to identify and fix vulnerabilities proactively.
While we use strong security measures, no method of transmission or storage over the internet is completely risk-free. We cannot guarantee absolute security of your information. If a data breach ever compromises your personal data, we will notify you promptly via email or in-app notification and take all necessary steps to contain and mitigate the incident. We continually improve our security practices as threats evolve.
Notedock is built with security and privacy in mind from the ground up. Our practices focus on protecting the confidentiality and integrity of your data through encryption, access controls, monitoring, and a privacy-first architecture.
TL;DR
AI processing is essential to how Notedock works. When you use the app, certain note content, attachments, and queries must be processed by third-party AI providers in order to deliver features such as semantic search, summarisation, intelligent organisation, and related functionality. We minimise what we send, transmit everything securely, and require our providers to process data only to deliver the requested service.
Notedock is an AI-powered note application. Core features — including semantic search, summarisation, organisation, classification, and intelligent responses — depend on AI processing. These capabilities require transmitting specific content from your notes to third-party AI providers.
Without such AI processing, these features cannot function as intended. We design AI processing to be privacy-preserving and limited strictly to delivering the requested feature.
When AI processing occurs, Notedock securely transmits only the minimum data required to generate the requested result. This may include the text content of your note or selected portions of a note, text extracted from images or PDF documents that you attach or share within a note, your prompt or query, relevant contextual note segments necessary for accurate output (for example, the note title, nearby paragraphs, related notes, tags, or structured metadata such as creation date if required to interpret your request), a pseudonymous internal request identifier, limited technical metadata required to process the request (such as model version or request type), and your location data only if you have explicitly opted in to location-based features and the specific feature requires it.
We do not transmit your password, your payment or billing information, your full contact lists, or unrelated account data.
All data is transferred using encrypted connections (HTTPS/TLS).
To provide AI-powered functionality, Notedock shares limited note content with the following service providers: OpenAI, L.L.C. (United States) – provides language model services used for summarisation, text generation, and language-based AI features; and Voyage AI, Inc. (United States) – provides embedding services used for semantic search and related features.
These companies act as data processors on our behalf and process data solely to generate the requested output. We require our AI providers to implement appropriate technical and organisational safeguards and to use data only for service delivery purposes in accordance with their applicable data processing commitments.
Where required by law, we implement appropriate safeguards for international data transfers.
Notedock does not use your note content, prompts, attachments, or AI inputs to train or improve its own models.
Our AI providers process data solely to generate the requested output in accordance with their applicable terms and data processing commitments. We require providers to implement safeguards and limit processing to service delivery purposes.
We may analyse aggregated or anonymous usage statistics (such as how often AI features are used), but we do not analyse the content of your notes for analytics purposes.
We do not store AI inputs or outputs separately from your notes unless you choose to save the AI-generated result into a note.
Temporary technical logs may contain minimal processing details for short periods if required for troubleshooting, abuse prevention, or service integrity. These logs do not include full note content and are deleted automatically according to our retention policies.
Embeddings generated for semantic search are stored to enable search functionality. These embeddings are numerical representations of text and are not human-readable versions of your notes.
AI-generated text may sometimes be inaccurate or incomplete. We do not manually review your AI queries or results.
If an output is incorrect or inappropriate, you may delete it. We recommend exercising caution when including extremely sensitive personal information in prompts, even though all transmissions are encrypted and protected.
By creating an account and using Notedock, you acknowledge that your note content, attachments, and related contextual data may be transmitted to the AI providers listed above as necessary to provide core functionality.
If you do not agree to such processing, you should not use Notedock.
TL;DR
We rely on reputable third-party services to run Notedock. They only receive the minimum data needed to perform their function and cannot use it for their own purposes. We do not sell your data. By using Notedock, you explicitly consent to sharing your note content with our AI service providers (OpenAI and Voyage AI) as described below.
We use a small number of trusted third-party services to operate core parts of Notedock, including cloud hosting, authentication, payments, analytics, crash reporting, marketing attribution, and email delivery. Each partner is contractually bound to strict privacy and security obligations, may only process data on our behalf, and receives access only to the minimum information required for their function.
Apple handles all subscription payments and purchases made inside Notedock. When you subscribe, Apple processes the payment through your Apple ID account. We do not see your credit card number, billing address, or other sensitive financial details. Apple confirms the purchase to us by providing non-financial information such as subscription tier, renewal status, and country-level reports. Refunds and billing disputes are handled directly through Apple's system.
Firebase provides core backend infrastructure for Notedock, including authentication and data storage. Your email and encrypted password are stored in Firebase Authentication. Your notes and account information are stored in Firebase's encrypted cloud database. Crashlytics collects crash logs, device model information, OS version, and anonymized crash identifiers, which allow us to diagnose issues. Crash reports do not include note content. Google acts strictly as a data processor and applies strong security safeguards.
Mixpanel helps us understand how the app is used so we can improve Notedock. Mixpanel receives a random or hashed user identifier, event information you trigger inside the app, and general device information such as OS version and region based on IP. We do not send Mixpanel any note content or sensitive personal data. Mixpanel does not share this information externally. You may opt out of analytics tracking through an in-app setting or by contacting support.
OpenAI provides AI capabilities such as generating summaries and other language-based features. When you use an AI feature, the relevant text or context is sent to OpenAI's API so it can generate a response. OpenAI does not use this data to train its general AI models and does not retain it longer than necessary to provide the requested result. Requests may include anonymized or random request identifiers, but no identifying account information.
Voyage AI provides embedding and semantic search capabilities. Segments of note text may be sent to Voyage's API to generate vector embeddings used to power search and related features. These embeddings, not the raw text, are stored. Voyage AI does not retain or reuse your text beyond generating the result and cannot identify who the data belongs to.
Our website may use Meta Pixel to measure aggregated website traffic and ad performance. It does not collect personal identifiers and is not used inside the Notedock app.
We use Singular for privacy-preserving app install attribution. It relies on SKAdNetwork and similar non-tracking methods. Singular does not receive note content, personal identifiers, or advertising identifiers unless you explicitly grant tracking permission.
If we use an email delivery service to send transactional or optional marketing emails, that provider processes your email address and the content of messages we send. They do not use your email for anything else. If you unsubscribe from marketing emails, the provider records that preference to ensure you are not emailed again.
TL;DR
You can access, correct, export, or delete your data. You can withdraw consent for optional processing, object in certain cases, and contact us with any privacy request. We do not sell your data, and we do not make automated decisions about you.
You may request a copy of the personal information we hold about you, including your account details and the notes stored in your workspace. Much of this information is already visible inside the app, but we will provide a full export upon request.
If any personal information we hold about you is inaccurate or outdated, you may request that we correct or update it. Basic profile information can be edited directly in the app. If you need help correcting something you cannot change yourself, you can contact us and we will assist.
You may delete your account at any time from within the app. When you do, your personal data and notes will be permanently deleted from our systems within 30 days, except for limited information we may need to retain for legal, accounting, or security reasons. You may also request deletion via email if you cannot access the app.
You may request an export of your notes and associated data in a portable, commonly used format. We will provide a downloadable archive containing your note content and relevant account information. Data export is free and typically completed within a few days.
If we rely on your consent for a particular type of data processing—such as optional marketing emails or optional analytics—you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of past processing but stops that activity moving forward.
In certain circumstances, you may object to our processing of your data when we rely on legitimate interests. If you object, we will review your request and stop or restrict processing where required by law. You may always object to direct marketing.
You may request that we temporarily limit the processing of your personal data if you believe it is incorrect, being used unlawfully, or no longer needed, or if you are contesting an objection. During restriction, your data will not be used except as necessary for legal or security obligations.
We do not sell personal data. If your jurisdiction provides a "do not sell my data" right, it is unnecessary to invoke it because Notedock does not engage in any sale or monetization of personal information.
Notedock does not make decisions that have legal or similarly significant effects on you based solely on automated processing. AI features may generate content or suggestions, but they do not control or restrict your use of the service.
If you are subject to GDPR or similar laws, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have infringed your privacy rights. We would appreciate the chance to address your concerns first, so please consider reaching out to us. You also have the right to contact the UK Information Commissioner's Office (ICO) or an EU Data Protection Authority in your country.
Most rights can be exercised directly through the app, such as deleting your account or editing your profile. You may also email us at support@notedock.ai. For security, we may need to verify your identity before acting on your request. We will respond within the timeframes required by law, typically within 30 days, and will inform you if an extension is needed or if a request cannot be fulfilled for legal reasons.
TL;DR You control your data. You can delete individual notes or your entire account at any time. If you delete your account, we permanently erase your data within 30 days (with a short backup buffer). We only retain limited information if required for legal, accounting, or safety purposes.
We keep your personal data only as long as necessary to provide Notedock and for legitimate business or legal purposes. Here is how we handle retention and deletion.
As long as you actively use Notedock, we retain your notes, files, and account information so the service continues to function. Your data is not deleted due to inactivity unless we introduce a dormant-account policy (currently, we do not). Your notes remain until you delete them or delete your account.
You can delete your Notedock account at any time through the in-app Delete Account option. Once you confirm deletion, your account becomes inaccessible and is scheduled for permanent removal. We permanently delete all personal data and content within 30 days, often sooner. This short buffer prevents accidental loss and allows the safe removal of your data from active systems and encrypted backups. After deletion, your data is irreversibly erased from production systems, and remaining backup copies are overwritten during routine backup rotations. Analytics events tied to your user ID are anonymized or removed to the extent feasible.
If you have an active subscription through Apple at the time of deletion, you must cancel it separately in your Apple ID settings. Deleting your Notedock account does not automatically cancel Apple billing.
You can delete individual notes or attachments at any time. Deleted notes are removed from active storage immediately. They may continue to exist in encrypted backups for 30–60 days until backups cycle out, after which they cannot be recovered. Deleted content is never used for any purpose. If you exported or shared note content outside Notedock, you must delete it separately from the external location.
In some circumstances, we may retain limited information even after you delete your account:
Such retained information is isolated, used only for the required purpose, and deleted once the obligation ends.
Encrypted backups or temporary caches may contain deleted data for a short period. These are automatically purged as backup systems cycle. For example, security logs containing IP addresses or device metadata are retained only as long as operationally necessary (such as 90 days) and then deleted.
When you initiate deletion, we confirm your request in-app or via email. Once confirmed, your account enters a deletion queue. If reactivation is supported in the future, logging back in within the 30-day window may restore your account; otherwise, you may simply create a new account. After 30 days, deletion is final and irreversible. We disclose this timeline in advance to meet platform requirements and ensure clarity.
TL;DR You can export all your notes and personal data at any time. Email us from your registered address and we will securely prepare your data.
We can provide your notes and user-generated content in common, machine-readable formats. We also include basic account information such as your email address, name, and metadata like your account creation date. Where feasible, we may also include creation timestamps or similar metadata.
Export is currently handled manually by our support team. To request it, email support@notedock.ai from the email associated with your account and state that you want a data export. For security, we may ask you to verify the request before proceeding.
We will prepare your export within a reasonable timeframe and always within the deadlines required by applicable data protection laws. Data exports are free of charge unless you make repeated or excessive requests, in which case a reasonable fee may apply as permitted by law.
TL;DR We may update this Privacy Policy. If changes are significant, we will notify you. Continuing to use Notedock means you accept the updated version.
We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or operational needs. If we make material changes that significantly affect your rights or how your data is used, we will notify you in a timely manner by email, an in-app notice, or a prominent website message.
Minor updates that do not affect how your data is processed may be made without special notice. The "last updated" date at the top of this Policy indicates the most recent revision.
Your continued use of Notedock after changes take effect means you accept the updated Policy, unless applicable law requires separate consent. If we intend to use your data for a new purpose not previously disclosed, we will request your consent or provide a clear opt-out option.
If you disagree with any changes, you may delete your account or contact us with your concerns. We aim to ensure that all updates remain transparent, fair, and respectful of your privacy.
Your privacy and trust matter deeply to us. If you have questions, concerns, or requests regarding this Privacy Policy or how Notedock handles your data, you can contact us at:
This is the best contact method for privacy matters, including data rights requests.
Notedock Ltd
71-75 Shelton Street
Covent Garden
London
WC2H 9JQ
United Kingdom
This address is for official correspondence. Email will always result in the fastest response.
We typically reply within a few business days. If you contact us to exercise a privacy right, we may ask you to verify your identity for security purposes.
Thank you for trusting Notedock with your notes and personal information. We built Notedock with a privacy-first mindset and remain committed to protecting your data.
