Privacy Policy
Effective Date: 11 February 2026
Last Updated: 10 March 2026
This Privacy Policy describes how Noffy ("we," "us," or "our") collects, uses, and protects information when you use our mobile application ("App"). By using Noffy, you agree to the practices described in this policy.
1. Overview
Noffy is an AI-powered note-taking app that helps you capture, organize, and enhance your notes using artificial intelligence. Your privacy is important to us, and we have designed our App with a privacy-first approach:
- Your content stays on your device (and your iCloud, if sync is enabled). We do not store your notes, recordings, or AI-generated content on our servers.
- We do not train AI models on your content. We do not operate in-house AI models. When you use AI features, your content is sent to third-party AI providers for processing and is not retained by us.
- We do not sell your personal information. We do not sell, rent, or share your personal information with third parties for their marketing purposes.
- We do not track you. We do not use analytics SDKs, advertising trackers, or cross-app tracking.
2. Information We Collect
2.1 Content You Create (Stored on Your Device and iCloud)
When you use Noffy, you may create and store the following types of content:
- Audio recordings (voice notes)
- Text notes (typed or pasted)
- Photos and videos
- Transcripts and speaker-identified segments
- AI-generated content (summaries, slides, flash cards, quizzes, articles, infographics, images)
- Text-to-speech audio
- Folder organization and note metadata
This content is stored exclusively on your device and in your personal iCloud account (via Apple CloudKit). We do not have access to your iCloud data, and we do not store any of this content on our servers. Your data is encrypted by Apple both in transit and at rest.
2.2 Usage Data (Stored on Our Servers)
To manage your account and provide our services, we collect limited usage data on our servers:
- Anonymous User Identifier: A unique identifier derived from your iCloud account. We do not collect your name, email address, or Apple Account information.
- Feature Usage: Counts of AI features used (e.g., number of summaries generated, transcription minutes used) for managing your usage limits.
- Credit Balance: Your current Sparks (credits) balance, including weekly allowances and purchased credits.
- Purchase History: Records of credit pack purchases, including the product identifier, credit amount, and transaction ID (processed through Apple's App Store).
- Rate Limiting Data: Temporary records of AI feature requests to prevent abuse. This data is automatically deleted after 2 hours.
- Generation Job Tracking: When you use image generation features, we temporarily store a job record containing your anonymous user identifier, a note identifier, and job status. This record contains no note content and is automatically deleted within 24 hours.
2.3 Information We Do NOT Collect
- Email address or real name
- Location data
- Contacts or address book
- Browsing history or search history
- Device diagnostics or crash reports on our servers (note: Apple may share anonymized crash reports with us through App Store Connect if you have enabled "Share iPhone & Watch Analytics" in your device settings under Privacy & Security > Analytics & Improvements — this is managed by Apple, not by us)
- Language preferences or app settings (these are stored locally on your device only)
2.4 Sensitive Information
Please be mindful when using AI features with content containing sensitive personal identifiers such as Social Security numbers, financial account details, government-issued identification numbers, or passwords. While your content is stored securely on your device and iCloud, AI features involve sending content to third-party providers for processing. We recommend reviewing and removing such identifiers before using AI-powered features.
3. Content Ownership
You retain full ownership of all content you create in Noffy, including your original notes and any AI-generated content derived from them (such as summaries, slides, flash cards, and quizzes). By using our AI features, you grant us a limited, non-exclusive license to process your content solely for the purpose of providing the requested service (e.g., generating a summary). We do not claim any ownership rights over your content.
4. AI Processing and Model Training
4.1 How AI Features Work
When you use AI-powered features (such as transcription, summarization, AI chat, slide generation, image generation, or text-to-speech), your content is sent to third-party AI providers for processing. The results are returned to your device and stored locally in your iCloud.
We do not use your content to train, fine-tune, or improve any AI models. Your content is processed on demand and is not retained by us after the result is delivered to your device. We access all AI providers through their API services, which by default do not use API customer data for model training. We do not enable any opt-in flags or settings that would allow providers to use your content for training purposes.
4.2 Third-Party AI Providers
We utilize the following external AI providers to power our features. Each provider has their own privacy policy governing how they handle data:
| Provider | Privacy Policy |
|---|---|
| Deepgram | deepgram.com/privacy |
| Soniox | soniox.com/policies/privacy-policy |
| OpenAI | openai.com/policies/row-privacy-policy |
| Google (Gemini) | policies.google.com/privacy |
| fal.ai | fal.ai/privacy |
| Replicate | replicate.com/privacy |
| DeepInfra | deepinfra.com/privacy |
| OpenRouter | openrouter.ai/privacy |
We encourage you to review these providers' privacy policies to understand how they handle data. We select providers that offer API-level data processing agreements and do not use API customer data for model training by default.
5. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process your content through AI features, sync notes across your devices via iCloud, and manage your folders and organization.
- Manage Usage and Credits: Track your feature usage against your plan limits and manage your Sparks (credit) balance.
- Process Transactions: Record credit purchases and verify transactions through Apple's App Store.
- Prevent Abuse: Enforce rate limits on AI features to maintain service quality.
- Improve the Service: We may use aggregated, anonymized usage statistics (such as which features are most popular) to improve the App. This data cannot be linked back to individual users or their content.
6. Data Storage and Security
6.1 Where Your Data Is Stored
| Data Type | Storage Location | Who Controls It |
|---|---|---|
| Notes, recordings, AI content | Your device + your iCloud (Apple CloudKit private database) | You |
| App settings, preferences | Your device (local storage) | You |
| Usage data, credit balance | Our servers | Us |
| Generation job tracking | Our servers (auto-deleted within 24 hours) | Us |
6.2 Security Measures
- Encryption in Transit: All data transmitted between your device and our servers, as well as between our servers and third-party providers, is encrypted using TLS/SSL.
- Encryption at Rest: Your iCloud data is encrypted at rest by Apple. Our server-side databases enforce Row Level Security to ensure users can only access their own data.
- No Passwords Stored: We do not have a username/password system. Your identity is established through your iCloud account, managed entirely by Apple.
6.3 Security Disclaimer
While we implement commercially reasonable security measures to protect your information, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
7. Device Permissions
Noffy may request the following device permissions:
| Permission | Purpose |
|---|---|
| Microphone | Recording voice notes |
| Camera | Capturing photos and videos for notes |
| Photo Library | Importing existing photos and videos |
| Speech Recognition | On-device speech recognition features |
| Notifications | Sync status updates and reminders |
You can manage these permissions at any time through your device's Settings app.
8. Subscriptions and Payments
Subscriptions and credit purchases are processed through Apple's App Store. We use RevenueCat (revenuecat.com/privacy) to manage subscription status. We never receive or store your credit card information, billing address, or other payment details. Apple handles all payment processing.
We receive:
- Confirmation of your subscription status (active, expired, etc.)
- Anonymous transaction identifiers for credit purchases
9. Your Privacy Rights
9.1 All Users
Regardless of where you live, you can:
- Delete your content at any time by removing notes from the App. Deleted content is removed from your device and iCloud.
- Request deletion of your server-side usage data by contacting us at hello@noffy.ai.
- Manage permissions through your device's Settings app.
9.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information. Note: we do not sell or share your personal information.
- Non-discrimination for exercising your privacy rights.
9.3 European Economic Area, UK, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the right to:
- Access your personal data.
- Rectify inaccurate personal data.
- Erase your personal data ("right to be forgotten").
- Restrict or object to processing of your personal data.
- Data portability — receive your data in a structured, machine-readable format.
- Lodge a complaint with your local data protection authority.
Our legal basis for processing your data is the performance of our contract with you (providing the service) and our legitimate interest in preventing abuse and improving the service.
9.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at hello@noffy.ai. We will respond to verified requests within 30 days (or without undue delay for GDPR requests). We may need to verify your identity before processing your request.
10. Data Retention and Deletion
| Data Type | Retention |
|---|---|
| Notes and content | Stored on your device and iCloud until you delete them. We have no control over or access to this data. |
| Usage data | Retained while your account is active and for a reasonable period afterward for record-keeping. |
| Rate limiting data | Automatically deleted after 2 hours. |
| Generation job tracking | Automatically deleted within 24 hours. |
| Purchase records | Retained as required for financial record-keeping and to support your credit balance. |
If you cancel your subscription: Your content remains on your device and iCloud. Your usage data is retained on our servers for record-keeping purposes.
If you request account deletion: Contact us at hello@noffy.ai. We will delete all server-side data associated with your anonymous user identifier. Your device-stored content is not affected (you manage that yourself).
11. Children's Privacy
Noffy is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child under the applicable age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at hello@noffy.ai.
12. International Data Transfers
Our servers and third-party AI providers may be located in countries other than your own. By using Noffy, you consent to the transfer of your usage data and processed content to these countries. We ensure that appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy at noffy.ai/privacy and, where appropriate, through an in-app notification. The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of Noffy after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: hello@noffy.ai
Website: noffy.ai
Terms of Service: noffy.ai/terms