Back to Home

Privacy Policy

Last updated: October 5, 2025

Our Commitment to Privacy

At Beanotes, we believe your personal notes and memories are sacred. We built this app with privacy at its core, and we are committed to protecting your data and being transparent about how we handle it.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Information You Provide

When you choose to store data in the cloud, you directly provide us with:

  • Account Information: Phone number for authentication
  • Being Information: Names of people you create and their birthdays (not encrypted)
  • Relationship Information: Relationship types you define (not encrypted)

Information We DO NOT Collect

Your privacy is paramount. We do not collect or have access to:

  • Local-Only Data: Any data you keep local stays only on your device. Local data is never synced to the cloud, and we have no access to it.
  • Note Content: Your notes are stored locally on your device or encrypted in the cloud. We cannot read them.
  • Moment Content: Your moments and memories are stored locally or encrypted. We have no access to this content.
  • Photos: Photos you add are stored locally or encrypted in the cloud and are not accessible to us.

Automatically Collected Information

  • Device Information: iOS version, device model, and unique device identifiers
  • Usage Data: Features used, session duration, and crash reports (anonymized)
  • Technical Data: App performance and diagnostic information

2. How We Use Your Information

We use your information solely to provide and improve the Beanotes service:

  • Provide the Service: Authenticate your account and make your cloud-stored beings and relationships accessible across devices
  • Account Management: Verify your identity and manage your account
  • Service Improvements: Understand how features are used to make the app better (using anonymized data)
  • Support: Respond to your questions and troubleshoot issues
  • Security: Protect against fraud, abuse, and security threats
  • Ask AI Feature: Process your notes locally on your device to provide AI-powered summaries and answers (all processing happens on-device; we do not collect or transmit your queries or AI responses)

We never use your content for advertising, marketing to you, or selling to third parties.

3. Ask AI Feature (Beta)

The Ask AI feature is a beta feature designed to help you quickly summarize notes and get answers about your content. This feature is built with your privacy as the top priority:

Complete On-Device Processing

All AI processing happens entirely on your device. When you use Ask AI:

  • Your notes and questions never leave your device
  • We do not collect, store, or transmit your AI queries
  • We do not collect, store, or transmit the AI responses
  • No external AI services or servers are used
  • Your data remains completely private and under your control

How It Works with Your Data

  • Local Data: Ask AI can process all notes stored locally on your device without any restrictions
  • Cloud Data with Mentions: For notes stored in the cloud, you must use @mentions to specify which people's notes you want to query. This is required due to the end-to-end encryption of cloud-stored notes.
  • Cloud Data without Mentions: If you don't specify mentions, Ask AI uses an on-device Named Entity Recognition (NER) model to detect names in your query and will only process local data for privacy protection

Performance Considerations

Because all AI processing happens on your device (not in the cloud), it is CPU intensive and may:

  • Temporarily increase device CPU usage and temperature
  • Consume more battery power during use
  • Take longer to process compared to cloud-based AI services

This trade-off ensures your complete privacy: we chose on-device processing specifically so your notes never need to be transmitted to external servers.

Limitations

Ask AI is designed for quick questions and summaries, not extended conversations. This helps manage device resources while maintaining privacy.

4. Data Storage and Security

Local Storage

By default, your data is stored locally on your iOS device only. When data is stored locally, it stays on your device and is protected by your device's security features, including encryption and biometric authentication if enabled.

Important: We have no access to any data you keep local. Local data never leaves your device, is never synced to the cloud, and is not transmitted to our servers.

Encryption for Cloud Data

When you choose to store data in the cloud, your notes and moments are encrypted when stored in our cloud servers. We use industry-standard encryption protocols (AES-256) to protect this data. Because your notes and moments are encrypted, we cannot read them — only you can.

Important about your decryption PIN: Your decryption PIN is automatically stored in your iCloud Keychain for convenience. If you use the same iCloud account on all your devices, your PIN will be automatically available to decrypt your data. However, you can also manually enter your PIN if needed. We strongly recommend storing your PIN in a secure password manager or other safe location as a backup. Without your PIN (and without access to your iCloud Keychain), your encrypted cloud data cannot be decrypted—even by us. This zero-knowledge encryption ensures maximum privacy.

Important: The following information is not encrypted when stored in the cloud, as this data needs to be accessible for the app to function properly across your devices and for collaboration features:

  • Names of people (beings) you create
  • Birthdays you add
  • Relationship types

Cloud Storage

When you store data in the cloud, we use Firebase (by Google) as our cloud infrastructure. Your encrypted notes and moments are stored in secure data centers with strict access controls. Being names, birthdays, and relationship data are stored securely but are not encrypted.

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We may share your information only in these limited circumstances:

  • With Your Consent: When you explicitly choose to share notes with other Beanotes users
  • Service Providers: With trusted vendors who help us operate the service (Firebase for authentication and cloud storage, analytics) under strict confidentiality agreements. These providers cannot access your encrypted notes and moments, and have no access to local-only data.
  • Legal Requirements: If required by law, court order, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

6. Your Rights and Choices

You have control over your data:

  • Choose Local or Cloud: Decide whether to keep your data local-only or store it in the cloud. Local data never syncs to the cloud—they remain separate.
  • Access: View and export all your data at any time through the app
  • Correction: Edit or update your information directly in the app
  • Deletion: Delete individual notes or your entire account
  • Data Portability: Export your data in a standard format
  • Opt-out: Choose to keep all data local, or disable collaborative sharing

7. Data Retention

We retain your cloud-stored data for as long as your account is active or as needed to provide you services. When you delete your account, we will delete your cloud data within 30 days, except:

  • Data we must retain for legal or regulatory compliance
  • Backup copies that are deleted according to our standard deletion schedule
  • Anonymized usage data that cannot identify you

Note: Local data is never transmitted to our servers and remains on your device until you delete it or uninstall the app.

8. Children's Privacy

Beanotes is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

If you store data in the cloud, your data may be stored and processed in the United States or other countries where Firebase and our service providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Third-Party Services

Beanotes uses the following third-party services:

  • Firebase Authentication: For phone number authentication (subject to Google's privacy policy)
  • Firebase Cloud Storage: For secure data storage (only when you choose to store data in the cloud)
  • Analytics: To understand app usage and improve performance (anonymized data only)

These services are provided by Google and have their own privacy policies. We encourage you to review Google's privacy policy at https://policies.google.com/privacy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Your continued use of Beanotes after changes are made constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Email: support@beanotes.app

13. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price

To exercise these rights, please contact us at support@beanotes.app.

SupportTerms of ServiceBack to Home