Privacy Policy

Welcome to NoteOak. This Privacy Policy explains how WATTS LABS LLC ("we," "us," or "our") collects, uses, and protects your information when you use the NoteOak mobile application.

# **Information We Collect**

## **Account Information**

- **Email Address**: When you create an account, we collect your email address for authentication and account recovery
- **Password**: Stored securely using industry-standard encryption (we never store passwords in plain text)
- **User ID**: A unique identifier assigned to your account

## **Study Content & Documents**

- **Uploaded PDFs**: Documents you upload for study material generation
- **PDF Annotations**: Notes, highlights, and drawings you add to PDFs using PencilKit
- **Generated Study Materials**: AI-generated summaries, flashcards, and quizzes created from your documents
- **Problem Solving Content**: Photos and text of problems you submit to the problem solver feature

## **Study Activity & Progress**

- **Study Sessions**: Start/end times, duration, accuracy percentage, and module types (flashcards/quiz/summary)
- **Quiz Results**: Answers selected, correct/incorrect counts, time per question, accuracy scores
- **Flashcard Interactions**: Cards studied, mastery levels, review history
- **User Statistics**: Current streak, longest streak, total study time, achievements, weekly goals
- **Device Type**: Whether you're using iPhone or iPad (for cross-device sync)

## **AI Feedback Data**

- **Problem Text**: Text extracted from images you submit
- **AI-Generated Answers**: Solutions provided by our AI
- **Your Corrections**: When you mark answers as helpful, wrong, or provide corrections
- **User Notes**: Additional feedback you provide
- This data is used to improve our AI models and is accessible only to administrators

## **Camera & Photos** (Ephemeral)

- **Camera Access**: For scanning documents and capturing problems to solve
- **Photo Library**: For selecting existing images
- **Important**: Photos are processed temporarily in memory only and are NOT permanently stored on our servers

## **Usage Analytics**

- **Subscription Status**: Whether you're a free or premium user
- **Credit Usage**: Number of AI credits consumed (free users: 33/day, premium: unlimited)
- **Paywall Interactions**: When and how you interact with subscription prompts
- **Feature Usage**: Which features you use most often
- **App Performance**: Crash reports and error logs
- **Collected via**: Superwall SDK and RevenueCat SDK

## **Information We DO NOT Collect**

- Your name, phone number, or physical address
- Location data
- Contact information
- Browsing history outside the app
- Financial information (Apple handles all payments)
- **We do NOT track you across other apps or websites**

# **Third-Party Services We Use**

We work with trusted third-party services to provide NoteOak's functionality. Your data is shared with these services only as necessary:

### **Supabase** (Backend Infrastructure)
- **Purpose**: Database storage, user authentication, file storage
- **Data Shared**: All user account data, uploaded documents, study sessions, annotations
- **Location**: Cloud infrastructure
- **Privacy Policy**: <https://supabase.com/privacy>
- **Security**: End-to-end encryption for data transmission, at-rest encryption, row-level security

### **RevenueCat** (Subscription Management)
- **Purpose**: Managing in-app purchases and subscriptions
- **Data Shared**: Anonymous user ID, purchase receipts, subscription status
- **Privacy Policy**: <https://www.revenuecat.com/privacy>
- **Note**: RevenueCat does NOT receive your email or personal information

### **Superwall** (Paywall Optimization)
- **Purpose**: Presenting subscription offers and A/B testing
- **Data Shared**: User attributes (onboarding status, subscription status), paywall events, anonymous user ID
- **Privacy Policy**: <https://superwall.com/privacy>

### **Anthropic Claude** (AI Processing)
- **Purpose**: Generating study materials, answering questions, problem solving
- **Data Shared**: Document text content, problem images/text, generation prompts
- **How It Works**: Your data is sent through our secure server (not directly from your device)
- **Privacy Policy**: <https://www.anthropic.com/legal/privacy>
- **Important**: Your data is NOT used to train Claude's models unless you explicitly opt-in

### **OpenAI** (AI Processing & Vision)
- **Purpose**: Fallback AI provider, image text extraction (OCR), problem solving
- **Data Shared**: Document text content, problem images (via GPT-4 Vision)
- **How It Works**: Your data is sent through our secure server (not directly from your device)
- **Privacy Policy**: <https://openai.com/privacy>
- **Important**: We use OpenAI's API with zero data retention - your data is NOT used for training

### **Apple iCloud** (Optional Sync)
- **Purpose**: Syncing PDF library across your devices (iPad feature)
- **Data Shared**: PDF files stored in your personal iCloud account
- **Privacy**: End-to-end encrypted by Apple
- **Control**: You can disable iCloud sync in iOS Settings

# **How We Use Your Information**

We use your information to:

### **Provide Core Functionality**
- Authenticate your account and keep you signed in
- Generate AI-powered study materials from your documents
- Solve problems using AI and computer vision
- Track your study progress and streaks
- Sync your data across devices
- Manage your subscription and credit limits

### **Improve Our Service**
- Analyze which features are most useful
- Fix bugs and technical issues
- Optimize AI model performance using your feedback
- Understand usage patterns to prioritize new features
- Improve app performance and stability

### **Communicate With You**
- Send important account notifications
- Respond to your support requests
- Notify you of subscription changes or renewals

### **We DO NOT**
- Sell your data to third parties
- Use your data for advertising
- Track you across other apps or websites
- Share your documents or study content with anyone

# **Data Storage & Security**

### **Where Your Data Is Stored**

- **Cloud Database (Supabase)**: User account data, study sessions, uploaded documents, annotations
- **Local Device**: Cached data, user preferences, temporary files
- **iCloud (Optional)**: PDF library files (stored in YOUR iCloud account)
- **Our Servers**: NONE - we use Supabase infrastructure, not our own servers

### **Security Measures**

- **Encryption in Transit**: All data transmitted using TLS/HTTPS
- **Encryption at Rest**: Database and file storage encrypted
- **Row-Level Security (RLS)**: You can only access YOUR data, not other users' data
- **Secure Authentication**: Passwords hashed using industry-standard algorithms
- **No API Keys in App**: AI API keys stored server-side, never in the app binary

### **How Long We Keep Your Data**

- **Account Data**: Stored until you delete your account
- **Study Content**: Stored until you delete your account or individual items
- **Analytics**: Aggregated analytics kept indefinitely, individual analytics for 90 days
- **Temporary Data**: Camera photos and processing data deleted immediately after use
- **Feedback Data**: Retained for AI model improvement until you request deletion

# **Your Rights & Choices**

### **Access Your Data**
You can view all your account information, study sessions, and documents in the app at any time.

### **Delete Your Account**
To permanently delete your account and all associated data:
1. Open NoteOak
2. Go to Settings → Account
3. Tap "Delete Account"
4. Confirm deletion

**What Gets Deleted:**
- Your email and account credentials
- All uploaded documents and PDFs
- All annotations and notes
- Study sessions and progress
- Quiz results and flashcard data
- User statistics and streaks
- AI feedback data

**This action is permanent and cannot be undone.**

### **Export Your Data**
Contact us at [email protected] to request a copy of your data in JSON format.

### **Control AI Feedback Collection**
You can choose not to provide feedback on AI-generated content. This is entirely optional.

### **Manage Subscription**
Manage or cancel your subscription through Apple's App Store settings (see our Terms of Use for details).

### **Disable iCloud Sync**
You can disable iCloud syncing in iOS Settings → iCloud → NoteOak.

# **Children's Privacy**

NoteOak is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at [email protected] and we will delete it.

# **Data Retention & Deletion**

- **Active Accounts**: Data retained as long as your account is active
- **Inactive Accounts**: We may delete accounts inactive for more than 2 years (with 30 days' notice)
- **Deleted Accounts**: Data permanently deleted within 30 days of account deletion
- **Backups**: Backup copies deleted within 90 days

# **International Data Transfers**

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

# **California Privacy Rights** (CCPA)

If you are a California resident, you have additional rights:

- **Right to Know**: Request what personal information we collect and how we use it
- **Right to Delete**: Request deletion of your personal information
- **Right to Opt-Out**: Opt-out of sale of personal information (Note: We do NOT sell your data)
- **Right to Non-Discrimination**: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at [email protected].

# **European Privacy Rights** (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR:

- **Access**: Request a copy of your personal data
- **Rectification**: Correct inaccurate data
- **Erasure**: Request deletion of your data
- **Portability**: Receive your data in a machine-readable format
- **Restriction**: Restrict processing of your data
- **Objection**: Object to processing of your data
- **Withdraw Consent**: Withdraw consent at any time

**Legal Basis for Processing:**
- **Contract Performance**: To provide NoteOak services
- **Legitimate Interests**: To improve our service and prevent fraud
- **Consent**: For optional features like analytics

To exercise these rights, contact us at [email protected].

# **Changes to This Privacy Policy**

We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting a notice in the app
- Updating the "Last Updated" date above
- Email notification (if we have your email)

Your continued use of NoteOak after changes are posted constitutes acceptance of the updated Privacy Policy.

# **Contact Us**

If you have questions about this Privacy Policy or your data, please contact us:

**WATTS LABS LLC**
- Email: [email protected]
- Website: <https://noteoak.com/privacy>

# **Summary** (Not Legally Binding - For Reference Only)

**In Plain English:**

**What We Collect:**
- Your email and account info
- Documents you upload and study materials
- Your study progress and quiz results
- Anonymous usage analytics
- Camera/photos (only temporarily, not stored)

**How We Use It:**
- Provide AI-powered study features
- Track your progress
- Improve the app
- Manage your subscription

**Third Parties:**
- Supabase (data storage)
- Claude & OpenAI (AI processing) - your data is NOT used for training
- RevenueCat & Superwall (subscriptions)
- Apple iCloud (optional sync)

**Your Rights:**
- Delete your account anytime (Settings → Account → Delete Account)
- Export your data (email us)
- We DON'T sell your data
- We DON'T track you

**For the full legally binding policy, please read the complete Privacy Policy above.**

---

**By using NoteOak, you acknowledge that you have read, understood, and agree to this Privacy Policy.**