Privacy Policy

Last updated: June 16, 2026

Privacy Summary:

Noota is built with a privacy-first architecture. By default, transcription is performed on-device using Apple's Speech framework and local machine learning models (no raw audio is sent to AI APIs for transcription). If you choose to enable and use AI-powered features, transcript text and related content may be processed by third-party AI providers to generate requested outputs. Audio files under 50MB are securely synced to Noota's private cloud storage for backup and cross-device sync.

1. Introduction

Welcome to Noota ("we," "our," or "us"). Noota is an AI-powered note-taking application designed to help you transcribe, summarize, and organize audio, PDFs, and YouTube videos. We are committed to safeguarding your personal data and maintaining your privacy.

This Privacy Policy explains what data we collect, how it is stored, how we process it, and your choices regarding your personal data when using our iOS application, watchOS application, and website.

2. Core Architecture & On-Device Transcription

To maximize privacy, Noota uses a hybrid on-device and cloud architecture:

  • On-Device Transcription: By default, transcription is performed on-device using Apple's Speech framework and local machine learning models (Apple Speech framework on iOS 26+ or CoreML-powered WhisperKit models on iOS 17–25 fallback downloaded to your local device). We do not transmit your raw audio recordings to third-party AI APIs (such as OpenAI or Google Gemini) for speech-to-text conversion.
  • Cloud Synchronization: To support cross-device synchronization and secure backup, Noota securely uploads your notes, metadata, text transcripts, and audio recordings **under 50MB** to Noota's private, secure cloud storage.
  • Size Limits: Audio files exceeding 50MB and PDF files exceeding 25MB are kept local-only or processed via text-only summaries on the server. They are not uploaded in their raw binary form to Noota cloud storage.

3. Data We Collect

We collect data to provide, synchronize, and improve our services:

A. Account Information

When you register an account, we collect your email address, full name, and password. If you authenticate using Google Sign-In or Sign In with Apple, we receive basic profile details (email, name, and user identifier) to create your account. If you choose Guest Mode, we may generate an anonymous identifier to provide synchronization, restore functionality, and maintain your app experience across supported devices.

B. User-Generated Content

This includes:

  • Text transcripts, summaries, flashcards, quizzes, and chat history.
  • Notes, titles, tags, and category relationships.
  • Audio recordings (under 50MB), imported PDF files (under 25MB), and imported document/image files (up to 10MB).

C. Usage & Diagnostic Data

We collect event metrics to analyze app stability and performance:

  • Mobile App: We use Firebase Analytics and Firebase Remote Config to track app interactions, transaction completions, and paywall presentation metrics. No raw audio or transcript text is shared with Firebase.
  • Website: We use Plausible Analytics, a privacy-focused web analytics provider that does not collect personal identifiers, does not use cookies, and tracks usage anonymously. Noota does not use advertising cookies, cross-site tracking technologies, or behavioral advertising systems on its website.

D. Subscriptions & Payments

Payments and subscriptions are managed via RevenueCat and the Apple App Store. We do not store or process your credit card numbers. We receive subscription status, restoration events, and transaction IDs to unlock Pro features.

4. Third-Party AI Processing

Noota uses third-party AI services to generate summaries, action items, quizzes, flashcards, and to support AI chat features:

  • AI Providers: Google Gemini APIs and OpenAI APIs may be used to generate summaries, flashcards, quizzes, translations, and AI-assisted responses.
  • Data Sent: We send only the transcript text (or imported document text/image pixels) and your user prompts/instructions. **Raw audio is never sent to these AI engines.**
  • Explicit In-App Consent: You must explicitly tap "Agree" in the application before any text is sent to third-party AI providers. If you decline, you can continue using offline recording and transcription, but AI summaries will be disabled. You can revoke this permission in settings at any time.
  • No AI Model Training: We access Google Gemini and OpenAI through developer API contracts. Under these developer terms, the data sent from Noota is **not used to train** OpenAI's or Google's commercial models.

5. Storage, Security, and Data Retention

Security: We implement standard security protocols, including HTTPS encryption in transit and secure database access controls. Local tokens are stored using the iOS Keychain (using securely accessible flags that prevent access when the device is locked).

Storage Location: Synced database records are hosted on secure backend servers, and uploaded files are stored using managed cloud infrastructure providers.

Retention Policy:

  • We retain your synced data for as long as you maintain an active Noota account.
  • Raw audio recordings remain on your local device unless you manually delete them. We do not delete files locally upon successful upload.
  • System backups are rotated and automatically expired after a standard retention cycle.

6. User Rights & Account Deletion

Depending on your jurisdiction (such as the European Union under GDPR, or California under CCPA), you have the following rights:

  • The right to access, export, or correct your personal data.
  • The right to request the deletion of your personal data.
  • The right to withdraw your consent to AI processing.

How to Delete Your Account:

You can delete your account and all associated server-side notes, transcripts, and metadata:

  1. In the Noota iOS App, navigate to Settings.
  2. Tap Delete Account and confirm.
  3. Your account details and synchronized data will be deleted from active systems without undue delay following your deletion request.

Alternatively, or if you no longer have the app installed, you may request deletion by emailing us at support@noota.app. We will process your request within 30 days.

7. International Data Transfers

Some service providers used by Noota may process data in countries outside your country of residence. Where required by applicable law, we implement appropriate safeguards for such transfers.

8. Children's Privacy

Noota is not intended for use by children under the age of 16 (or 13 depending on local jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately and we will delete it.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or wish to exercise your legal rights, please contact us at:

Noota Support Team

Email: support@noota.app

Support Page: https://noota.app/support