Privacy Policy

Last Updated: April 2026

1. Information We Collect & How We Use It

NoteNest is designed with a "local-first" privacy model. When you create an account via Firebase Google Authentication, we access your basic profile information (Name, Email, Profile Picture) to identify your account. This information is stored locally on your device. Your actual note content (text, images, audio) is encrypted locally using AES-256 and is never transmitted to our servers.

2. Google Drive Data (Limited Use Disclosure)

To provide secure cloud backups, NoteNest requests access to your Google Drive via the appDataFolder scope. NoteNest's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We only use this permission to create, update, and restore a hidden backup file of your encrypted notes inside a dedicated app folder on your Google Drive.
• We cannot see, read, or access any other personal files or folders in your Google Drive.
• To maintain background syncing, your OAuth Refresh Token is encrypted and securely stored on our backend infrastructure. It is strictly used for app functionality and is never shared with third parties.

3. Android Permissions

We request the following device permissions only when required for core app functionality:

• Microphone (RECORD_AUDIO): Required only when you actively choose to record a voice note. Audio files are saved locally to your device.
• Storage/Media: Required only to allow you to select and attach images to your notes.
• Alarms (SCHEDULE_EXACT_ALARM): Required to deliver precise notifications when you schedule an alarm for a specific note.
• Biometrics: Required only if you enable the "App Lock" feature. Authentication happens locally on your device; we do not collect or transmit your biometric data.

4. Third-Party AI Integrations (Google Gemini)

NoteNest allows you to integrate the Google Gemini API for features like grammar correction and text rewriting. To use this, you must input your own personal API key. When you trigger an AI feature, only the specific text you have selected is sent directly to Google's API. NoteNest does not store your AI queries or use them to train our own models.

5. Account & Data Deletion Request

You have the right to request the deletion of your account and all associated data at any time. To initiate a deletion request, please contact us at nestnotelab09@gmail.com Send Email

Upon request, we will delete your account metadata and revoke all OAuth tokens from our servers. Because your notes are stored in your personal Google Drive, you may also manually delete the "NoteNest" backup folder from your Google Drive settings for immediate and total data removal.

6. Contact Us

If you have any questions regarding this privacy policy or your data, please contact us at nestnotelab09@gmail.com Send Email