Privacy Policy for Noteillum

Effective Date: 01.08.2025

Last Updated: 01.08.2025

1. Introduction

Noteillum ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you use our Noteillum application (the "App") on the macOS platform.

Data Controller: Hrvoje Vuković, Croatia (EU)
Contact: vukovic.hrvoje@icloud.com

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

  • Apple Sign-In Information: When you authenticate using Apple Sign-In, we receive your Apple ID email address and display name (if you choose to share them)
  • Books and Notes Content: Text content of books and notes you create within the App
  • Email Reminder Preferences: If you subscribe to our premium service and enable email reminders, we collect your email preferences including frequency, preferred days, and number of random notes to include

2.2 Information Automatically Collected

  • App Usage Data: Basic app launch timestamps (recorded once per day maximum) for newsletter subscribers
  • Crash Reports: Anonymized technical information about app crashes through Firebase Crashlytics
  • Subscription Information: Subscription status, expiry dates, and RevenueCat App User ID for subscription management

2.3 Information We Do NOT Collect

  • We do not collect device identifiers, location data, browsing history, or any other personal information beyond what is specified above
  • We do not track your usage patterns or behavior within the app
  • We do not collect biometric data or sensitive personal information

3. How We Use Your Information

3.1 Primary Purposes

  • App Functionality: To provide core note-taking and book organization features
  • Authentication: To securely identify you and sync your data across your devices
  • Email Reminders: To send you periodic email reminders with your notes (only if you subscribe and explicitly enable this feature)
  • Newsletter: To send you occasional updates about the app (only if you opt-in)

3.2 Legal Basis for Processing (GDPR)

  • Contract Performance: Processing necessary to provide the App services you've requested
  • Legitimate Interest: Improving app stability through crash reporting
  • Consent: Email reminders and newsletter subscriptions (you can withdraw consent at any time)

4. Data Storage and Security

4.1 Primary Data Storage

  • Apple CloudKit: Your books, notes, and app settings are primarily stored in Apple's CloudKit service
  • Security: Apple CloudKit provides end-to-end encryption and follows Apple's strict security standards
  • Location: Data is stored in Apple's data centers with appropriate geographical protections

4.2 Secondary Data Storage (Premium Feature Only)

  • Firebase Firestore: If you subscribe to premium features AND enable email reminders, copies of your notes are stored in Google Firebase Firestore to enable email delivery
  • Security: Firebase provides enterprise-grade security with encryption in transit and at rest
  • Access Control: Only our automated email system accesses this data, and only for the purpose of sending you reminders

4.3 Data Security Measures

  • All data transmission is encrypted using industry-standard protocols
  • We implement appropriate technical and organizational measures to protect your data
  • Access to your data is strictly limited to what's necessary for service provision
  • We regularly review and update our security practices

5. Data Sharing and Third Parties

5.1 Third-Party Services

We use the following trusted third-party services:

  • Apple CloudKit: For primary data storage and synchronization
  • Firebase (Google): For email reminder functionality and crash reporting (premium users only)
  • RevenueCat: For subscription management and payment processing

5.2 Data Sharing Policy

  • We do NOT sell, rent, or trade your personal information to third parties
  • We do NOT share your notes content with anyone except as necessary to provide email reminders (if enabled)
  • Third-party services only receive the minimum data necessary to provide their specific functionality
  • All third-party services are bound by strict data protection agreements

6. Your Rights Under GDPR

As an EU resident, you have the following rights:

6.1 Right of Access

You can request a copy of all personal data we hold about you.

6.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Note: This will permanently delete all your books and notes.

6.4 Right to Withdraw Consent

You can withdraw consent for email reminders or the newsletter at any time through the app settings.

6.5 How to Exercise Your Rights

Contact us at support@noteillum.app with your request. We will respond within 30 days as required by GDPR.

7. Data Retention

  • Books and Notes: Retained until you delete them or delete your account
  • Email Reminder Data: Retained only while you have an active subscription with email reminders enabled
  • Newsletter Data: Retained until you unsubscribe
  • Crash Reports: Anonymized data retained for up to 90 days for debugging purposes
  • Account Data: Deleted within 30 days of account deletion request

8. International Data Transfers

  • Apple CloudKit: May involve transfers to countries where Apple operates data centers, all with appropriate safeguards
  • Firebase: Data may be processed in Google's global infrastructure with appropriate GDPR safeguards
  • All international transfers comply with GDPR requirements including adequacy decisions or appropriate safeguards

9. Children's Privacy

Noteillum is suitable for all ages (4+). For children under 13 years of age, we do not knowingly collect personal information without parental consent. If you become aware that a child has provided us with personal information without appropriate consent, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the App
  • Providing prominent notice in the App

Your continued use of the App after changes become effective constitutes acceptance of the new Privacy Policy.

11. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

This Privacy Policy is written in English. In case of any discrepancy between translations, the English version shall prevail.