Notelert Privacy Policy

Last Updated: December 2024

1. Introduction

Notelert ("we", "our", "the application") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Notelert mobile application and related services.

By using Notelert, you agree to the practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1. Account Information

When you register and sign in to Notelert using Google Sign-In, we collect:

Email Address: Your email address associated with your Google account
Name: Your full name or display name from Google
User ID: A unique identifier generated by Google for your account
Profile Picture: If available in your Google account (optional)

2.2. Notification Information

To provide the reminder service, we collect and store:

Notification title and message: The content of your reminders
Scheduled date and time: When you want to receive notifications
Notification type: Whether it's a time-based or location-based notification
Notification status: Whether it has been read, completed, or canceled
Obsidian links: If the notification is linked to an Obsidian document

2.3. Location Information

For location-based notifications, we collect:

Saved locations: Addresses, place names, and geographic coordinates (latitude and longitude) that you manually save
Geofencing data: Information needed to trigger notifications when you enter or exit specific areas
Location permissions: We request access to your location in the foreground and background to provide location-based reminders

Important Note: We do not continuously track your location in real-time. We only use location when:

You create or edit a saved location
The application needs to verify if you are inside or outside a specific geographic area to trigger a notification

2.4. Google Calendar Information (Optional)

If you connect your Google Calendar account, we collect:

OAuth access tokens: Access and refresh tokens to access your Google Calendar
Calendar events: Title, description, date and time of events created in your calendar
Event IDs: Identifiers of events created in Google Calendar linked to your notifications

This information is used solely to synchronize your notifications with Google Calendar. You can disconnect Google Calendar at any time from the application settings.

2.5. Device Information

To provide push notifications and improve the service, we collect:

Device token: Unique identifier for sending push notifications to your device
Device type: Platform (iOS or Android) and device model
Operating system: Operating system version
Installation ID: Unique identifier of the application installation

2.6. Obsidian Plugin Information (Optional)

If you use the Obsidian plugin for Notelert:

Authentication token: A unique token generated to link your Notelert account with the Obsidian plugin
Token expiration date: When the authentication token expires
Token status: Whether the token is active or has been revoked

2.7. Premium Subscription Information

If you subscribe to Notelert Premium:

Subscription status: Whether you have an active subscription
Expiration date: When your subscription or trial period expires
Product ID: Identifier of the purchased subscription product
Payment information: Processed exclusively by Google Play Store or Apple App Store (we do not store credit card information)

2.8. Usage Information

We collect information about how you use the application:

Language preferences: Language selected in the application
Notification settings: Whether you have enabled push notifications, email notifications, etc.
Theme settings: Light/dark theme preference
Debug logs: Only if you enable debug mode (optional)

2.9. Technical Information

To diagnose issues and improve the service:

Error logs: Information about errors that occur in the application
Performance information: Application performance metrics (only in debug mode)

3. How We Use Your Information

We use the collected information to:

3.1. Provide the Service

Create, schedule, and send notifications according to your preferences
Manage time-based and location-based reminders
Synchronize notifications with Google Calendar (if enabled)
Provide integration with the Obsidian plugin
Manage your account and subscription

3.2. Improve the Service

Diagnose and resolve technical issues
Analyze application usage to improve functionality
Develop new features and capabilities

3.3. Communication

Send push notifications about your reminders
Send email notifications (only if enabled and you have a Premium subscription)
Respond to your inquiries and support requests

3.4. Legal Compliance

Comply with legal obligations
Protect our rights and prevent fraud
Respond to valid legal requests

4. Third-Party Services

Notelert uses the following third-party services that may collect information:

4.1. Google Services

Google Sign-In: For authentication and account creation
Privacy Policy: https://policies.google.com/privacy
Google Calendar API: To synchronize events with your calendar (optional)
Privacy Policy: https://policies.google.com/privacy
Google Maps API: For address search and geocoding
Privacy Policy: https://policies.google.com/privacy

4.2. Firebase (Google Cloud Platform)

We use Firebase for:

Firebase Authentication: User authentication
Cloud Firestore: Storage of user data, notifications, locations, and tokens
Cloud Functions: Server-side processing and business logic
Firebase Cloud Messaging (FCM): Push notification delivery

Firebase Privacy Policy: https://firebase.google.com/support/privacy

4.3. Expo

We use Expo for application development and distribution:

Expo Updates: Application updates
Expo Notifications: Local notification management
Expo Location: Location services

Expo Privacy Policy: https://expo.dev/privacy

4.4. Google Play Store / Apple App Store

For Premium subscriptions, payment processing is handled through:

Google Play Billing: For Android devices
Apple App Store In-App Purchases: For iOS devices

These services process your payment information. We do not store or have access to credit card information.

5. Information Sharing

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

We share information only in the following circumstances:

5.1. Service Providers

We share information with service providers who help us operate the application, such as:

Google (Firebase, Google Sign-In, Google Calendar, Google Maps)
Expo (development platform)
Hosting and cloud service providers

These providers are contractually obligated to protect your information and may only use it for specified purposes.

5.2. Legal Compliance

We may disclose information if necessary to:

Comply with a court order, subpoena, or legal process
Respond to government requests
Protect our rights, privacy, security, or property
Prevent fraud or illegal activity

5.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement technical and organizational security measures to protect your information:

6.1. Technical Measures

Encryption in transit: All communications use HTTPS/TLS
Encryption at rest: Sensitive data is stored encrypted in Firebase
Authentication: Data access protected by user authentication
Security rules: Firestore Security Rules ensure only you can access your data
Secure tokens: Authentication tokens are stored securely

6.2. Organizational Measures

Limited access: Only authorized personnel have access to data
Regular audits: We regularly review and update our security practices
Monitoring: We monitor data access to detect suspicious activity

6.3. Limitations

Although we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

7.1. Active Data

We retain your information while:

Your account is active
We need to provide the service
It is necessary to comply with legal obligations

7.2. Account Deletion

When you delete your account:

We permanently delete all your personal data from our servers
We delete all notifications, locations, and associated tokens
We delete Google Calendar events created by Notelert (if connected)
We delete device information

Note: Some data may remain in backups for a limited period before being permanently deleted.

7.3. Anonymous Data

We may retain anonymized and aggregated data that does not personally identify any user for analytical and service improvement purposes.

8. Your Rights (GDPR and CCPA)

If you reside in the European Union, California, or other jurisdictions with data protection laws, you have the following rights:

8.1. Right of Access

You can request a copy of all personal data we have about you. You can export your data directly from the application in Settings > Export Data.

8.2. Right of Rectification

You can correct or update your information at any time through the application or by contacting us.

8.3. Right to Deletion ("Right to be Forgotten")

You can request deletion of your account and all your personal data. You can do this from the application in Settings > Delete Account.

8.4. Right to Object

You can object to the processing of your personal data for certain purposes. You can disable specific features in the application settings.

8.5. Right to Data Portability

You can request that your data be transferred to another service provider. You can export your data from the application.

8.6. Right to Restriction

You can request that we limit the processing of your personal data in certain circumstances.

8.7. Withdraw Consent

You can withdraw your consent for data processing at any time by disabling specific features or deleting your account.

To exercise these rights, you can:

Use the built-in features in the application
Contact us at: joaquim.frances@protonmail.com

We will respond to your request within 30 days.

9. Application Permissions

Notelert requests the following permissions:

9.1. Location

Foreground location: To create and manage saved locations
Background location: To trigger notifications when you enter or exit specific geographic areas

Usage: These permissions are essential for location-based notifications. You can disable location access in your device settings, but this will limit the functionality of location-based notifications.

9.2. Notifications

Push notifications: To send reminders and alerts
Local notifications: To schedule notifications on the device

Usage: Essential for the main functionality of the application.

9.3. Internet and Network

Internet access: To synchronize data with our servers
Network status: To verify connectivity

Usage: Necessary to synchronize notifications, locations, and account data.

9.4. Local Storage

Device storage: To save preferences and cache data locally

Usage: Improves performance and allows partial offline functionality.

10. Cookies and Similar Technologies

Notelert is a mobile application and does not use traditional cookies. However, we use similar technologies:

Authentication tokens: To keep you signed in
Local storage: To save preferences and cache data
Device identifiers: To send push notifications

These technologies are essential for the application to function.

11. Children's Privacy

Notelert is not directed to children under 13 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence, including:

United States (Firebase/Google Cloud)
Other countries where our service providers operate

By using Notelert, you consent to the transfer of your data to these countries. We implement appropriate safeguards to protect your information in accordance with this policy.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy in the application
Sending a push notification (if enabled)
Updating the "Last Updated" date at the top

We encourage you to review this policy periodically. Continued use of Notelert after changes constitutes your acceptance of the revised policy.

14. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, you can contact us:

Email: joaquim.frances@protonmail.com

We will respond to your inquiry as soon as possible, generally within 30 days.

15. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

Consent: When you accept this policy and use optional features (such as Google Calendar)
Contract performance: To provide the service you have requested
Legitimate interest: To improve the service, prevent fraud, and ensure security
Legal obligation: To comply with legal requirements

16. Additional Information

16.1. Data Not Collected

We do not collect:

Contact information from your address book
Content of your messages or emails (except those you send through Notelert)
Information from other applications installed on your device
Biometric information

16.2. Data Shared with Obsidian Plugin

If you use the Obsidian plugin for Notelert:

The plugin can access your notifications through a secure authentication token
The plugin does not have access to your complete account information
You can revoke the plugin's access at any time from the application

16.3. Email Notifications

Email notifications (Premium feature) are sent through our servers. Your email address is used solely for this purpose and is not shared with third parties for marketing.