Privacy Policy
Effective date:
This Privacy Policy describes how the Notoir mobile application (“Notoir”, “the App”, “we”, “our”) collects, uses, and protects your personal data when you use it. The App is published by **, address: (the “Controller**”).
This policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). If you reside outside the European Economic Area, additional rights granted by your local law (such as the California Consumer Privacy Act) apply on top of this policy.
1. Summary at a glance
- Notoir is a local-first journaling app. Your journal entries, drawings, photos, mood data, and settings are stored on your device only — never on our servers.
- The App does not require an account, does not collect advertising identifiers, and contains no analytics or tracking SDKs for behavioural profiling.
- All journal data on the device is encrypted with SQLCipher (AES-256), with the encryption key protected by your device’s secure enclave.
- The App uses two third-party services on a strictly opt-in or technically necessary basis:
  - Sentry GmbH (Germany) — anonymised crash and error reports
  - komoot GmbH / Photon (Germany) — reverse geocoding for the optional “show city” feature
If you only ever use the App offline, with location disabled, no personal data leaves your device at all.
2. Data we process
2.1 Data stored locally on your device only
The following data never leaves your device unless you explicitly export, share, or back it up yourself:
| Category | Examples | How it is stored |
|---|---|---|
| Journal entries | Title, body text (HTML), date, mood (one of ten preset values) | SQLCipher-encrypted SQLite database |
| Attachments | Photos and drawings inserted into entries | Encrypted file system, file URIs in DB |
| Optional location | Latitude/longitude attached to an entry, when explicitly enabled | SQLCipher-encrypted SQLite database |
| Preferences | Theme, language, notification settings, biometric lock setting | SQLite database |
| Authentication state | PIN hash, biometric flag | Apple Keychain / Android Keystore |
We — the publisher — never receive, observe, or have any technical means to access any of the data above. There is no remote sync, no backup-to-cloud feature operated by us, and no telemetry that includes content.
2.2 Data that may leave your device
The following limited categories of data may be transmitted off your device under specific conditions, listed exhaustively:
(a) Crash and error reports — Sentry
- What: non-personal technical metadata about crashes and uncaught exceptions: stack traces, anonymised device model, OS version, App version, locale code, a non-reversible install identifier. No journal content, no images, no text input is ever included.
- When: transmitted automatically when the App crashes or hits a logged error condition.
- Recipient: Sentry GmbH, Prinzessinnenstraße 19–20, 10969 Berlin, Germany (sentry.io)
- Server location: European Union (Sentry EU region)
- Purpose: detect bugs and improve the App’s reliability
- Legal basis: Art. 6(1)(f) GDPR — legitimate interest in maintaining a working product. We have weighed this against your interest in confidentiality and concluded the data does not allow the user to be re-identified.
- Data Processing Agreement: in place pursuant to Art. 28 GDPR.
(b) Reverse geocoding — Photon (komoot)
- What: a single coordinate pair (latitude, longitude) sent over HTTPS in order to receive back a human-readable city/place name.
- When: only if you have manually enabled the “show city in entry” feature, and only at the moment you create an entry while location is on.
- Recipient: komoot GmbH, Wattstraße 11, 13355 Berlin, Germany — through their public Photon API (photon.komoot.io)
- Server location: Germany
- Purpose: translate coordinates into a place name so the App can display it
- Legal basis: Art. 6(1)(a) GDPR — your explicit consent, given when you enable the location feature. You can withdraw consent at any time in Settings → Location.
(c) Subscription receipts — Apple / Google
- What: the In-App Purchase receipt issued by the platform store when you start, renew, or restore a subscription.
- When: only if and when you make an in-app purchase. Free use of the App does not trigger this.
- Recipients: Apple Inc. (App Store) or Google LLC (Play Store), processing your purchase under their own privacy policies.
- Purpose: verify that your subscription is active and unlock paid features.
- Legal basis: Art. 6(1)(b) GDPR — performance of the contract you entered into when purchasing.
2.3 What we do not collect
For clarity, the App does not collect or transmit any of the following:
- Advertising identifiers (IDFA / GAID) — none are read.
- Behavioural analytics — no Mixpanel, Amplitude, Firebase Analytics, etc.
- Push notification tokens for marketing — local notifications only, scheduled on-device.
- Contacts, calendar, microphone, or any data outside the photo library you explicitly select.
- Your account from any social network — no SSO is offered or used.
3. Purposes and legal bases (Art. 6 GDPR)
| Processing | Purpose | Legal basis |
|---|---|---|
| Storing entries on your device | Provide the journaling functionality | Art. 6(1)(b) — performance of contract |
| Reverse geocoding via Photon | Display city name on entry, when opted in | Art. 6(1)(a) — consent |
| Sending crash reports to Sentry | Detect and fix software defects | Art. 6(1)(f) — legitimate interest |
| Processing in-app purchases | Provide paid features | Art. 6(1)(b) — performance of contract |
| Local biometric / PIN authentication | Protect your data on the device | Art. 6(1)(b) — performance of contract |
4. Retention
- On-device data is retained for as long as you keep the App installed and choose to keep it. You can delete individual entries at any time, or wipe all data through Settings → Privacy → Delete all data, or by uninstalling the App.
- Sentry crash reports are retained by Sentry GmbH for 90 days by default, after which they are deleted automatically.
- Photon API does not retain queries beyond standard transient web-server logs (typically 14 days), which contain only the IP address and the request — never user-identifiable journal content.
5. Recipients and international transfers
We do not sell, lease, or share your data with third parties for marketing.
The only recipients of any data outside your device are listed in Section 2.2:
- Sentry GmbH (EU/DE)
- komoot GmbH / Photon (EU/DE)
- Apple Inc. or Google LLC (only when you make a purchase)
Apple and Google may transfer purchase metadata to the United States as part of their own infrastructure. Such transfers are covered by the EU–U.S. Data Privacy Framework and the providers’ Standard Contractual Clauses. We have no influence over their internal processing — please consult Apple’s Privacy Policy and Google’s Privacy Policy.
6. Your rights under the GDPR
You have the following rights with respect to the limited categories of personal data we (or our processors) handle:
- Right of access (Art. 15) — request a copy of any data held about you.
- Right to rectification (Art. 16) — request correction of inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data. Note: locally stored entries can be deleted directly in the App without needing to contact us.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — Notoir’s built-in archive export feature provides your entries in machine-readable form.
- Right to object (Art. 21) — in particular against processing based on legitimate interest (Sentry crash reports). On request, we will instruct Sentry to delete reports linked to your install.
- Right to withdraw consent (Art. 7(3)) — for opt-in processing such as Photon reverse geocoding, at any time, by toggling the corresponding setting off in the App.
- Right to lodge a complaint with a supervisory authority (Art. 77). For users in Germany, the competent authority depends on your federal state — see https://www.bfdi.bund.de/ for a list. For users elsewhere in the EU, see https://edpb.europa.eu/about-edpb/board/members_en.
To exercise any right, write to **. We will respond within one month of receipt (Art. 12(3) GDPR).
7. Security
- All journal data on the device is stored in a SQLCipher-encrypted SQLite database, using AES-256 in CBC mode with HMAC-SHA512 page authentication.
- The database encryption key is generated on first launch and stored in the platform secure storage (iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, Android Keystore).
- The App offers an optional biometric (Face ID / Touch ID / fingerprint) or PIN lock for an additional layer of protection.
- All network communication (Sentry, Photon) is performed over HTTPS with certificate validation.
While we apply industry-standard safeguards, no system is perfectly secure. Please note that if you lose access to your device and have no backup, your encrypted data is unrecoverable — neither we nor anyone else holds a recovery key.
8. Children
The App is not directed to children under years of age. We do not knowingly collect personal data from children under that age. If you believe a child under has used the App, please contact us at ** so we can take appropriate action.
9. Cookies and tracking
The App is a native mobile application and does not use cookies. It does not contain web views that load third-party trackers, and does not embed advertising SDKs.
10. Changes to this policy
We may update this Privacy Policy to reflect changes to the App or to the law. Material changes will be communicated through:
- A new effective date at the top of this page.
- An in-App notice on the next launch following a material change.
The current version is always available at https://aleksblv.github.io/notoir-legal/privacy/.
11. Contact
For any privacy-related question, request, or concern, please contact the Controller:
Email: **
This document is the official Privacy Policy of the Notoir application. The English version is authoritative; translations into other languages are provided for convenience.