Privacy Policy

1. About This Policy

This Privacy Policy explains how Notarra, created and operated by Lucas Kelley in the State of Missouri, USA, handles your information when you use the Notarra mobile app or visit notarra.com.

Our goal is simple: help you organize your ideas while keeping your privacy fully protected.

2. Information We Collect

We collect only what's needed for Notarra to function:

Account Information

• Your email (for sign-in and recovery)
• A unique user ID (auto-generated)
• Account creation and last-login dates

Notes and Categories

• Note titles and content you create
• Categories, positions on the canvas (x / y coordinates)
• Relationships between notes (parent / child)
• Due dates, importance levels (1–5), completion status, archive status, color codes

Voice Data (Temporary Only)

Preferences

• Theme, font style, and font size settings
• Stored locally on your device

3. Information We Never Collect

We are proud of our zero-tracking policy. Notarra does not collect or share any of the following:

• ❌ Advertising or analytics IDs
• ❌ Location data
• ❌ Contacts or camera access
• ❌ IP addresses or device fingerprints
• ❌ Usage stats or behavioral tracking
• ❌ Third-party analytics tools (no Google Analytics, no Facebook Pixel)
• ❌ Cookies (only minimal local storage on the website)

In short: We don't track, monitor, or sell any information about how you use the app.

4. How We Use Your Information

We use your data only to provide and improve Notarra's core features:

• Account management: to let you sign in, sync notes, and recover your account
• App functionality: to show, organize, and store your notes and categories
• AI processing: to transcribe voice recordings (temporarily) and interpret text for categorization or task detection

We do not use your data for marketing or profiling.

5. Third-Party Services

Supabase (Database & Auth)

• Purpose: secure storage of user accounts and notes
• Shared data: email, user ID, notes, and categories
• Location: hosted in the United States (US East)
• Security: uses Row-Level Security (RLS) so each user can only access their own data
• Privacy Policy: https://supabase.com/privacy

OpenAI (Whisper & GPT-4o-mini API)

• Purpose: real-time voice transcription and smart note suggestions
• Shared data: temporary audio clip + transcribed text
• Retention: OpenAI deletes API data per its retention policy; we do not store audio files
• Privacy Policy: https://openai.com/policies/privacy-policy
• Training: Your data is not used to train OpenAI models

6. Data Security

We take strong measures to keep your information safe:

• Encrypted connections (HTTPS / TLS)
• Secure authentication via Supabase Auth (passwords are hashed)
• Row-Level Security so only you can view your notes
• Real-time data sync over encrypted channels
• No plain-text password storage
• No admin access to user content

7. How Long We Keep Your Data

• Active Data: kept only while your account exists
• Deleted Notes: permanently erased immediately (no backups kept)
• Deleted Accounts: all data removed within 30 days of deletion

We do not archive or retain any copies after deletion.

8. Your Rights and Choices

You control your data completely.

Access & Edit

View, edit, or delete your notes any time in-app.

Export

(Planned feature) You will be able to export your notes for backup or transfer.

Deletion

• Delete your account and all data instantly inside the app
• Or email us at contact@notarra.com to request deletion within 7 business days

9. Account Deletion

In-App:

Go to Profile → Delete Account → Slide to Confirm

When you delete your account:

• All notes and categories are erased
• Your account and preferences are removed
• Data cannot be recovered

By Email:

Send a request to contact@notarra.com. We will verify ownership and delete your data within 7 business days.

10. Children's Privacy

Notarra is for users aged 16 and older (to comply with GDPR and COPPA standards). We do not knowingly collect information from children under 16.

If a parent or guardian believes a child has used Notarra, please contact us at contact@notarra.com and we'll delete the account immediately.

11. International Users

All data is stored in the United States (Supabase US East). For EU users, data transfers follow Standard Contractual Clauses (SCCs) to keep your data safe under GDPR.

12. Compliance With Laws

GDPR (EU Users)

You have the right to:

• Access your data
• Correct inaccuracies
• Request deletion ("Right to Be Forgotten")
• Request a copy of your data (Data Portability)
• Object to processing or withdraw consent

Legal Basis for Processing: Your consent and our contract to provide the service.

CCPA (California Users)

You have the right to:

• Know what data is collected (see Sections 2–3)
• Request deletion of your data
• Receive equal service even if you exercise your rights
• Know that we do not sell personal information

To exercise your rights, email contact@notarra.com.

COPPA (U.S. Children's Privacy)

We do not collect information from children under 13. If we discover such data, we delete it immediately.

13. Changes to This Policy

We may update this Privacy Policy if our features or laws change. If we make major changes, we'll notify you by:

• Email, and/or
• In-app notification

The "Last Updated" date at the top always shows the current version. Continuing to use Notarra means you accept the updated policy.