Effective date: 01.12.2025.

At iNotes, your privacy is not just a box we check — it’s a core part of our mission. We understand how important your personal data is, and we are committed to protecting it. When you use our mobile and web apps, we handle your information with the utmost care so that you always remain in control.

Our Promise to You: Your Data, Your Control

We believe your data belongs to you.

When you delete your notes, attachments, recordings, transcriptions, translations, or summaries in iNotes, they are permanently removed from our servers within a reasonable timeframe, in accordance with this Policy. Once deleted, they cannot be recovered.

Our goal is to provide a powerful, seamless note-taking experience while keeping your privacy intact.

1. INFORMATION WE COLLECT

We will collect and use the following categories of Personal Information about you.

1.1 Information you provide to us

Registration Information.

When you create an account on our Services, you may be asked to provide:

  • Name (if provided)
  • Email address
  • Password (for email/password sign-up)

You may also choose to sign in using third-party providers, such as Google or Apple. In that case, we receive information such as your name, email address, and profile information from those providers.

For paid plans and subscriptions, transaction and billing information is processed via:

  • Apple App Store
  • Google Play Store
  • A subscription management service such as RevenueCat (or similar)

Payment card details are handled by these providers and are not stored by us.

App Content and Note Information.

When you use the Services, you may provide us with:

  • Text notes, titles, tags, and other metadata
  • Imported files and documents (e.g., PDFs, Word documents, images)
  • Scanned documents (using the device camera)
  • Audio/voice recordings and related content
  • Transcriptions, summaries, and extracted action items or tasks (where those features are enabled)

This content is stored in our cloud infrastructure (e.g., via Firebase) and/or locally on your device for syncing and offline access.

Communication Information.

When you contact us (for example via email or in-app support), you provide:

  • Your email address or other contact details
  • Any information you include in your message, including details about your request or issue

We use this information to respond to you and keep a record of communications.

1.2 Information you provide us about others

If you use collaboration or sharing features, or if you choose to connect external services that include other people’s data, you may provide us with:

  • Email addresses and contact information of co-workers, collaborators, or friends
  • Meeting details that include other participants
  • Audio recordings or notes that contain third parties’ Personal Information

By providing such information, you confirm that you have the necessary permissions or legal basis to share it with us and to enable us to process it in accordance with this Policy.

1.3 Information we automatically collect or that is generated when you use the Services

Usage Information.

When you use the Services, we automatically collect information relating to your activity, such as:

  • Actions taken in the app (e.g., create, edit, view, share, delete notes or recordings)
  • Use of features such as OCR, translation, reminders, integrations, and audio recording
  • Timestamps of interactions and events
  • Opened notifications and in-app messages
  • Log and diagnostic data to help maintain and improve the Services

Device Information.

We collect certain device-level information, such as:

  • IP address
  • Device identifiers (e.g., device ID, advertising identifiers where permitted and consented)
  • Device type, model, and operating system
  • App version, language, time zone, and network status (online/offline)
  • Platform (iOS, Android, web, etc.)

Cookies and Similar Technologies.

We and our third-party partners use cookies, SDKs, and similar technologies in the App and on the Website to:

  • Provide core functionality (such as login and security)
  • Remember your settings and preferences
  • Analyze usage and performance
  • Support marketing attribution and, where allowed by law and your settings, measure the effectiveness of campaigns

For more information, see Section 3: How We Use Cookies and Similar Technologies.

Approximate Location Information.

We may infer your approximate location from your IP address and device settings (e.g., time zone, locale). We do not use precise GPS location data.

1.4 Information received from third parties

Third-Party Integration Platforms.

When you connect third-party platforms, apps, or providers to our Services, we receive Personal Information from them in accordance with their terms and your settings. These may include, for example:

  • Calendars and productivity platforms (e.g., Google Calendar, Outlook/Microsoft 365): meeting titles, dates/times, participants, and links
  • Cloud storage & collaboration tools (e.g., Google Drive, OneDrive, Zoom cloud, Skribby): links to or metadata about files and recordings you choose to use with iNotes
  • Sign-in providers (e.g., Google, Apple, Microsoft): name, email, profile identifiers used for authentication

We refer to this information collectively as “Platform Information.”

Payment and Subscription Providers.

We receive limited transaction information from the Apple App Store, Google Play Store, and/or subscription services like RevenueCat, such as:

  • Product purchased
  • Subscription status (active, cancelled, renewal date)
  • Transaction identifiers and receipts

Analytics and Attribution Partners.

From analytics and marketing attribution tools (such as Firebase Analytics and Appsflyer), we may receive:

  • Aggregated usage statistics
  • Campaign source data
  • Information on how you installed or discovered the app

We may combine this with other information we hold to better understand usage and improve the Services.

2. HOW WE USE YOUR PERSONAL INFORMATION

We use your Personal Information for the purposes described below and based on the following legal grounds where applicable.

2.1 Set up and manage your account

We use your registration information, device information, and information received from third parties (such as sign-in providers) to:

  • Create and maintain your user account
  • Authenticate your login and secure access
  • Sync your notes, settings, and preferences across devices

This is necessary to perform our contract with you (providing the Services) and, where applicable, in our legitimate interests to operate our business.

2.2 Provide and operate the Services

We use your:

  • Notes, files, and other user content
  • Audio/voice recordings, transcripts, summaries, OCR output, translations
  • Platform Information from connected services (e.g., calendar and cloud storage)
  • Usage and device information

to:

  • Store, organize, and sync your notes and attachments
  • Scan and extract text from documents (OCR)
  • Translate and detect language
  • Process audio for transcription and summarization (e.g., through providers such as AssemblyAI or Skribby)
  • Provide reminders, notifications, and meeting-related features
  • Facilitate collaboration and sharing features you choose to use

We process this data as necessary to perform our contract with you and to provide the features you have enabled.

2.3 Improve and monitor the Services

We use information we automatically collect or generate about you when you use the Services (including analytics and diagnostic information) to:

  • Analyze how the Services are used
  • Maintain and improve functionality, performance, and security
  • Develop new features and services
  • Fix bugs and technical issues

We may use aggregated, de-identified, or anonymized data for analytics and product improvement. Where we rely on Personal Information, we do so based on our legitimate interests in operating, improving, and securing our Services.

We do not use your personal notes or content to build generalized advertising profiles, and we do not sell your Personal Information.

2.4 Communicate with you

We use your contact information and communication history to:

  • Respond to your questions and support requests
  • Send important notices, such as changes to our terms, security alerts, or service-related messages

Such processing is necessary to perform our contract with you and based on our legitimate interests to provide customer support.

2.5 Send you newsletters and marketing

With your consent (where required by law), we may:

  • Send you newsletters, product news, or updates
  • Inform you about new features, promotions, or offers
  • Use limited usage data to tailor which updates you receive

You can opt out at any time by using the unsubscribe link in our emails or by contacting us.

2.6 Prevent fraud, ensure security, and comply with law

We may use relevant Personal Information to:

  • Monitor use of the Services to detect and prevent fraud, abuse, or security incidents
  • Enforce our terms and policies
  • Protect our rights, property, and users
  • Comply with legal obligations, court orders, or requests from competent authorities

We rely on legal obligations and our legitimate interests in protecting the Services and our users.

3. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES

We and our third-party partners use cookies, SDKs, and similar technologies to collect information about your interactions with the Website and App.

What are cookies?

Cookies are small text files that are stored on your device when you visit a website. SDKs are similar technologies used in mobile apps.

We use the following types of cookies and technologies:

  • Strictly Necessary Cookies: Required for core functionality such as security, login, session management, and load balancing. The Services cannot function properly without these.
  • Functional Cookies: Help us remember your preferences (e.g., language, region) and personalize your experience.
  • Analytics and Performance Cookies: Used to understand how users access and use the Services. We rely on tools such as Firebase Analytics to measure performance and usage trends.
  • Attribution and Marketing Technologies: Used by services such as Appsflyer (and similar providers) to measure the performance and effectiveness of marketing campaigns, subject to your consent where required (e.g., on iOS via App Tracking Transparency).

You can block or delete cookies via your browser settings. On mobile devices, you may also control permissions and advertising identifiers via your device settings. If you disable certain cookies, some features of the Services may not function correctly.

4. WITH WHOM WE SHARE YOUR PERSONAL INFORMATION

We share your Personal Information with selected third parties in limited circumstances, including:

Other Users and Collaborators.

When you choose to share notes, documents, or workspaces, we share the relevant information (e.g., note content, your name and email) with the recipients in accordance with your sharing settings.

Cloud Infrastructure and Backend Providers.

We rely on third-party providers such as Google Firebase (and related Google Cloud services) for hosting, databases, authentication, push notifications, and serverless functions.

Machine Learning and Transcription Providers.

To provide OCR, translation, and transcription/summarization features, we may share data with:

  • Google ML Kit (for OCR, translation, language detection)
  • AssemblyAI and/or Skribby (for audio transcription, summarization, and action items)

These providers process data only as necessary to deliver the relevant features and in accordance with their own privacy policies.

Analytics and Attribution Providers.
 We work with analytics and mobile measurement partners, such as:

  • Firebase Analytics
  • Appsflyer

These help us understand usage patterns and measure campaign performance. They may receive device identifiers, IP address, and usage events, subject to applicable law and consents.

In-App Purchase and Subscription Providers.

To manage payments and subscriptions, we share necessary information with:

  • Apple App Store
  • Google Play Billing

Subscription management platforms such as RevenueCat (or similar providers)

These providers are responsible for processing payment data and may use your Personal Information in accordance with their own privacy policies.

Integrated Third-Party Programs and Platforms.

Where you choose to connect iNotes with third-party platforms (e.g., Google Calendar, Outlook/Microsoft 365, Zoom, Google Drive, OneDrive, Skribby), we share information with those services as authorized by you. For example:

  • Calendar event details to create reminders
  • Links or metadata for recordings and documents
  • Transcripts and summaries if you choose to sync them

Service Providers and Vendors.

 We may share Personal Information with professional service providers that assist us with:

  • Customer support
  • Hosting and infrastructure
  • Security and monitoring
  • Email delivery and communication tools
  • Logging, diagnostics, and error reporting

These providers act on our behalf and are bound by contractual obligations to protect your Personal Information.

Law Enforcement and Legal Requests.

We may disclose your Personal Information to law enforcement agencies, public authorities, or other judicial bodies if we are required to do so by law or if we have a good faith belief that such disclosure is reasonably necessary to:

  • Comply with legal obligations, procedures, or requests
  • Enforce our terms and policies
  • Detect, prevent, or address security, fraud, or technical issues
  • Protect the rights, property, or safety of us, our users, or the public

Change of Corporate Ownership.

In the event of a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your Personal Information may be transferred as part of that transaction, subject to this Policy or a successor policy that offers at least a comparable level of protection.

5. HOW LONG WE STORE YOUR INFORMATION

We store Personal Information for as long as necessary to fulfill the purposes set out in this Policy, or for as long as we are required to do so by law (for example, for tax, accounting, or legal obligations).

When you delete:

  • Individual notes, documents, or recordings
  • Transcripts, summaries, or tasks
  • Your entire account

we take steps to permanently delete or irreversibly anonymize this data from our active systems within a reasonable timeframe, subject to any legal retention requirements.

Server logs and backup copies may be retained for a limited period (e.g., for security and disaster recovery). Once those periods expire, the relevant data is deleted or anonymized.

6. YOUR RIGHTS

Depending on your location and applicable law, you may have some or all of the following rights in relation to your Personal Information:

  • Access: The right to request a copy of the Personal Information we hold about you, and information on how we use it.
  • Correction: The right to request that we correct any inaccurate or incomplete Personal Information about you.
  • Erasure: The right to request that we delete your Personal Information in certain circumstances (for example, where it is no longer needed for the purpose for which it was collected).
  • Object to Processing: The right to object to our processing of your Personal Information where we rely on legitimate interests or where we process it for direct marketing.
  • Restrict Processing: The right to request that we restrict our processing of your Personal Information in certain scenarios (e.g., while we verify the accuracy of the data).
  • Portability: The right to receive your Personal Information in a structured, commonly used, machine-readable format and to request that we transfer it to another controller where technically feasible, when processing is based on consent or contract.

Withdraw Consent: Where we rely on your consent (for example, for certain marketing or optional features), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

We may ask you to verify your identity before responding to your request and may require additional information (for example, why you believe data is inaccurate). We may also have legal grounds to refuse your request, in which case we will explain why.

To exercise your rights, please contact us at:
📧 info@inotes.app

7. CHILDREN

The Services are not directed to children and we do not knowingly collect Personal Information from children under the age of 13 (or higher age where required by local law). If you become aware that a child has provided us with Personal Information in violation of this Policy, please contact us using the details below, and we will take steps to delete such information.

8. DATA SECURITY

We maintain and implement appropriate technical, organizational, and administrative safeguards designed to protect the confidentiality, integrity, and availability of your Personal Information. These measures include, for example:

  • Encryption in transit and at rest where appropriate
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security. Any transmission of information is at your own risk.

The Website and App may contain links to third-party websites, services, or apps. Any information you provide to such third parties is governed by their own policies, not this Policy. We encourage you to review the privacy and security policies of those third parties.

9. CROSS-BORDER DATA TRANSFERS

We may transfer, store, and process your Personal Information in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

Where your Personal Information is transferred outside of the European Economic Area (EEA) or the United Kingdom, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission or the UK authorities; or
  • Other mechanisms recognized by applicable data protection laws as providing an adequate level of protection.

You can contact us for more information on the specific safeguards applied to cross-border data transfers.

10. CHANGES TO THIS POLICY

We may update this Policy from time to time. When we do so, we will make the updated Policy available on this page and update the “Effective date” at the top.

If we make material changes, we may also notify you by email or through the Services. We encourage you to review this Policy periodically to stay informed about how we handle your Personal Information.

11. ABOUT US & CONTACT

If you have any questions, comments, or concerns about this Policy, or if you wish to exercise any of your rights, you may contact us at:

Art Hub Studio DOO

Donje Korlace 98

Raska, 36350

📧 support@arthub-apps.com

Where applicable, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your Personal Information infringes applicable law.