Privacy Notice for NoteBee
Last updated: April 5, 2026 | Version: 3.0 | Previous version: 2.1 (February 2026)
Key Changes in Version 3.0
The following summarizes the material changes from version 2.1 (February 2026) to version 3.0 (April 2026). We encourage you to read the full notice, but this summary highlights what is new or different.
| Change | Details |
|---|---|
| Product analytics added | We now use Amplitude to understand how the App is used. All analytics data is stored in the EU (Amsterdam). See Section 6.3. |
| Crash reporting added | We now use Firebase Crashlytics to detect and resolve application crashes. Reports are retained for one (1) year. See Section 6.3. |
| Voice features added | NoteBee now offers voice transcription powered by a third-party AI provider. These features require microphone access and your explicit consent. Audio is processed transiently and is not stored. See Section 6.6. |
| System permissions updated | Microphone access added for voice features. See Section 6.7. |
| Notice restructured | The entire notice has been reorganized into a table-based format for easier navigation. |
1. Introduction
Welcome to NoteBee. We appreciate that you trust us with your data, and we take that responsibility seriously. This Privacy Notice explains what personal data we process, why we process it, how we protect it, and what rights you have.
NoteBee is a macOS note-taking application designed with a local-first architecture. Your personal templates and notes are stored on your device. When you choose to use cloud-based features — such as AI-powered text processing or voice transcription — this notice describes exactly what data is transmitted, to whom, and for how long it is retained.
We do not run advertisements, we do not sell your data, and we do not monetize your information in any way beyond the subscription you pay for. If anything in this notice is unclear, please contact us at privacy@notebee.cloud.
2. Table of Contents
- Introduction
- Table of Contents
- About Us
- About You
- Sources of Data and Lawful Bases
- Personal Data in NoteBee
- Data Retention
- Third-Party Service Providers
- Data Sharing
- International Data Transfers
- Security Measures
- Your Rights Under GDPR (EEA/UK)
- Your Rights Under US State Privacy Laws
- Do Not Sell My Personal Information
- Privacy Notice Updates
- Contact Us
3. About Us
Nikita Havrylenko, operating as NoteBee ("we," "us," or "our"), is the data controller responsible for your personal data under this notice.
| Data controller | Nikita Havrylenko, operating as NoteBee |
| Location | Poland |
| Privacy inquiries | privacy@notebee.cloud |
| General support | support@notebee.cloud |
| Supervisory authority | UODO (Urząd Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland — https://uodo.gov.pl |
We are not required to appoint a Data Protection Officer under GDPR Article 37, given the nature and scale of our data processing activities. For all privacy-related inquiries, please contact us directly at the privacy email address above.
4. About You
In this notice, "you" and "your" refer to any individual who downloads and uses the NoteBee macOS application (a "User").
Age restriction. NoteBee is not directed at children. You must be at least sixteen (16) years of age to use NoteBee. We do not knowingly process personal data from anyone under sixteen (16). If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@notebee.cloud and we will promptly delete that information.
5. Sources of Data and Lawful Bases
5.1 Where We Obtain Your Personal Data
NoteBee processes personal data from three (3) sources:
a) Directly from you. We receive personal data that you provide when you create an account, update your profile, or communicate with our support team. This includes your name and email address. Your templates, notes, and other content remain on your device and are not transmitted to us.
b) Automatically from your device. Certain data is generated automatically when you use NoteBee, including analytics events (such as feature usage and session duration), crash reports, and basic device information (operating system version, application version). This data helps us maintain and improve the service.
c) From third-party authentication providers. When you choose to sign in using Apple Sign-In or Google Sign-In, we receive limited authentication data from those providers. This typically includes your name, email address (or an Apple Private Relay address), and an authentication token. We do not receive or store your password from these providers.
5.2 Lawful Bases for Processing
Under the General Data Protection Regulation (GDPR), we rely on the following four (4) lawful bases to process your personal data:
| Lawful Basis | GDPR Article | When We Use It | Examples |
|---|---|---|---|
| Performance of the contract | Article 6(1)(b) | When processing is necessary to deliver the service you signed up for | Account creation and authentication; subscription management and billing |
| Consent | Article 6(1)(a) | When you explicitly opt in to a specific feature that involves additional data processing | AI-powered text processing (requires AI consent); voice transcription (requires both microphone permission and AI consent) |
| Legitimate interest | Article 6(1)(f) | When we have a justified business need that does not override your fundamental rights and freedoms | Product analytics to improve the application; crash reporting to maintain stability; software update checks |
| Legal obligation | Article 6(1)(c) | When we are required to process data to comply with applicable law | Retention of tax and transaction records; responding to lawful requests from competent authorities |
Regarding consent. You may withdraw your consent at any time by contacting us at privacy@notebee.cloud. Withdrawing consent does not affect the lawfulness of processing performed before the withdrawal. Please note that withdrawing consent for a particular feature may limit your ability to use that feature.
Regarding legitimate interest. We conduct a balancing test for each legitimate-interest purpose to ensure that our business needs do not override your rights and freedoms. You may object to processing based on legitimate interest at any time by contacting privacy@notebee.cloud.
6. Personal Data in NoteBee
6.1 Account Information
When you create a NoteBee account, we process the following personal data:
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Email address | Account creation and authentication | Performance of the contract | Until account deletion |
| Display name | Personalization within the App | Performance of the contract | Until account deletion |
| Password | Authentication (hashed by Firebase; we never see or store your plaintext password) | Performance of the contract | Until account deletion |
| Avatar URL | Profile display | Performance of the contract | Until account deletion |
| Firebase user ID | Internal account identifier | Performance of the contract | Until account deletion |
Third-Party Sign-In
If you choose to sign in using a third-party identity provider, we receive a limited set of data through OAuth 2.0:
- Apple Sign-In. We receive your email address (or Apple's private relay email address) and display name. We do not receive or store your Apple password.
- Google Sign-In. We receive your email address, display name, and avatar URL. We do not receive or store your Google password. OAuth tokens are stored securely in the macOS Keychain on your device.
Data Automatically Collected by Firebase Authentication
Firebase Authentication, provided by Google, automatically processes certain technical data when you sign in:
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| IP address | Security and fraud prevention | Legitimate interest | Managed by Google per Firebase terms |
| User agent string | Security and fraud prevention | Legitimate interest | Managed by Google per Firebase terms |
| Sign-in timestamps | Security and fraud prevention | Legitimate interest | Managed by Google per Firebase terms |
6.2 Payments and Subscription Data
When you subscribe to a paid plan, we process the following data to manage your subscription and determine your feature access:
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Subscription tier (Free or Pro) | Determining feature access and enforcing plan limits | Performance of the contract | Until account deletion |
| Billing interval and expiration date | Subscription management and renewal processing | Performance of the contract | Until account deletion |
| Payment transaction data | Processing payments and issuing receipts | Performance of the contract | Managed by Stripe per their data retention policy |
We do not see or store your payment card details. All payment processing is handled by Stripe.
RevenueCat manages subscription status and communicates with Stripe on our behalf. Your Firebase user ID is shared with RevenueCat solely for the purpose of associating your subscription status with your NoteBee account.
6.3 Technical Data
We process technical data through product analytics and crash reporting to maintain, improve, and ensure the stability of the App.
Product Analytics
We use product analytics to understand how the App is used, identify areas for improvement, and resolve issues. Analytics data is processed automatically when you use the App.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Feature usage patterns (which features are used, frequency of use) | Understanding how the App is used to prioritize improvements | Legitimate interest | Five (5) years |
| Session data (session start, duration) | Analyzing usage patterns to improve performance and user experience | Legitimate interest | Five (5) years |
| Error events (error types, frequency — no user content is captured) | Identifying and resolving issues that affect the user experience | Legitimate interest | Five (5) years |
| App environment (app version, macOS version, distribution channel) | Ensuring compatibility across supported platforms and releases | Legitimate interest | Five (5) years |
| Email address | Identifying users for support purposes and correlating usage data with accounts | Legitimate interest | Five (5) years |
| Pseudonymous Firebase user ID | Cross-referencing with account data for debugging and support | Legitimate interest | Five (5) years |
| Subscription tier, template count, collection count | Understanding feature adoption and usage across different plans | Legitimate interest | Five (5) years |
All analytics data is stored in the European Union (Amsterdam, Netherlands).
We do not use analytics data for advertising, profiling, or behavioral targeting. We do not track the content of your templates, notes, or any user-generated text. We do not sell analytics data to third parties.
Amplitude (Amplitude Inc., USA)
- Data processed: Product usage events and user properties listed above
- Purpose: Product analytics and improvement
- Data region: EU (Amsterdam, Netherlands)
Crash Reporting
We use crash reporting to monitor application stability and resolve errors. Crash reporting is active in all release builds to ensure we can detect and fix issues promptly.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Crash traces and stack traces | Identifying where crashes occur in the application code | Legitimate interest | One (1) year |
| Non-fatal error reports | Detecting issues before they escalate into crashes | Legitimate interest | One (1) year |
| Device information (macOS version, device model) | Reproducing issues in the correct environment | Legitimate interest | One (1) year |
| App version and distribution channel | Identifying which releases are affected by a given issue | Legitimate interest | One (1) year |
Crash reports do not contain any personally identifiable information. They include only technical data such as the device model and operating system version. Crash reports do not contain your template content, notes, or any user-generated text.
Firebase Crashlytics (Google LLC, USA/EU)
- Data processed: Crash traces, error reports, device information, app version
- Purpose: Application stability monitoring
- Data region: EU (europe-west)
6.4 Templates, Content and Local Storage
Your personal templates, notes, and collections are stored locally on your Mac and are never transmitted to our servers or any third party. We do not have access to the content you create in NoteBee, and we cannot recover it on your behalf.
Personal Templates (Local Only)
All personal content remains on your device in a local SQLite database. No personal template data is transmitted to or processed on any remote server.
| Data | Storage Location | Purpose |
|---|---|---|
| Templates (title, body text, rich text formatting, annotations) | Local SQLite database | Core app functionality |
| Collections | Local SQLite database | Content organization |
| Version history | Local SQLite database | Template versioning and rollback |
| Snippet keywords | Local SQLite database | Text expansion shortcuts |
| Usage metadata (usage count, last used date, word and character counts) | Local SQLite database | Sorting and display |
| Preferences and settings | UserDefaults | App configuration |
| AI consent acknowledgement | UserDefaults | Recording your consent state |
| Subscription status cache | UserDefaults | Offline entitlement display |
The local database is located at ~/Library/Application Support/NoteBee/notebee.store. We do not access, read, or back up this file. You retain full control over this data, including the ability to delete it at any time by removing the application.
macOS Keychain
NoteBee stores OAuth tokens for Google Sign-In in the macOS Keychain, protected by the operating system's hardware-backed security. We do not have access to your macOS Keychain. These items are protected by your Mac's login credentials and, where available, the Secure Enclave.
6.5 AI-Powered Features
NoteBee leverages third-party AI services provided by Google (Vertex AI) to power optional AI features within the App. AI features require your explicit consent before first use.
We do not use your data to train any AI model. Google is contractually prohibited from using content submitted via Vertex AI to train its models.
No content logging. We do not enable AI monitoring or content logging on our AI infrastructure. Your text is processed and returned — it is not logged, stored, or reviewed by us.
AI service providers may retain your inputs for up to thirty (30) days as part of their abuse and misuse monitoring, after which the inputs are deleted automatically.
AI Text Features
NoteBee offers the following AI-powered text features: rewrite, summarize, grammar fix, expand, simplify, change tone, continue writing, custom instruction, and AI translation.
How AI text features work:
- You select text and choose an AI action.
- The selected text is transmitted to the AI service provider via a secure API.
- The AI model processes your text and returns the result.
- The result is displayed in NoteBee on your device.
Data sent to the AI provider: selected text content, AI action type, and input parameters (e.g., desired tone, target language).
Data NOT sent to the AI provider: your entire template library, unselected templates, account information, or local data and preferences.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Selected text content | AI text generation and translation | Consent | Not stored by NoteBee; up to thirty (30) days by the AI provider |
| AI action type and parameters | Processing instruction | Consent | Not stored |
| Token counts and credit cost | Usage tracking and billing | Performance of the contract | Until account deletion |
Consent Mechanism
Before you use any AI feature for the first time, NoteBee displays a notice explaining that your content will be transmitted to a third-party AI provider for processing. You must acknowledge this notice before AI features are enabled. You may decline and continue using NoteBee without AI features.
6.6 Voice Features
NoteBee offers voice-powered features that require your device microphone. These features require explicit macOS microphone permission.
How Voice Features Work
- You activate a voice feature (Transcribe or Adjust with Voice).
- NoteBee records audio from your microphone to a temporary file on your device.
- The audio is transmitted to the AI service provider for transcription.
- The transcribed text is returned to your device.
- The temporary audio file is deleted from your device immediately after processing.
We do not store your audio recordings. Temporary audio files exist only during the active transcription process and are deleted immediately afterward.
We do not perform any voice recording in the background. Recording occurs only when you explicitly activate a voice feature.
Audio is processed by the AI service provider under the same terms as text AI features.
| Data | Reasons for Processing | Lawful Basis | Data Storage |
|---|---|---|---|
| Audio recording | Voice transcription | Consent (microphone permission + AI consent) | Not stored — deleted immediately after processing |
| Transcribed text | Displaying result in the App | Consent | Session only — not stored separately |
Voice features require two (2) explicit permissions: macOS microphone access AND AI data processing consent. You can revoke microphone access at any time in macOS System Settings > Privacy & Security > Microphone.
6.7 System Permissions (macOS)
NoteBee may request the following macOS system permissions to provide its features. You can manage these permissions at any time in System Settings > Privacy & Security.
| Permission | Purpose | Required? |
|---|---|---|
| Clipboard access | Paste operations when using templates | Yes, for core functionality |
| Accessibility | Auto-paste after template selection, global hotkey, and snippet expansion (thirty-two (32) character in-memory buffer for keyword matching — never stored, logged, or transmitted) | Yes, for paste and snippet features |
| Microphone | Voice transcription features (Transcribe and Adjust with Voice) | No — only when you use voice features |
| Internet access | Authentication, AI features, subscription verification, update checks, analytics, and crash reporting | Yes, for connected features |
NoteBee does not request access to camera, location, contacts, calendar, photos, screen recording, or full disk access.
You may revoke any permission at any time. Revoking a required permission will disable the features that depend on it, but will not affect other functionality.
7. Data Retention
The following table describes how long we retain each category of data and how it is deleted.
| Data | Retention Period | Deletion Method |
|---|---|---|
| Account data (email, display name, profile) | Until account deletion | Delete account in App Settings |
| Local templates and content | Until you delete them or uninstall the App | Manual deletion or app removal |
| Product analytics data (Amplitude) | Five (5) years | Automatic |
| Crash reports (Crashlytics) | One (1) year | Automatic |
| AI usage metadata (token counts, credits) | Until account deletion | Account deletion |
| AI provider logs (Google) | Thirty (30) days | Automatic (provider side) |
| Audio recordings | Deleted immediately after transcription | Automatic |
| Payment data (Stripe) | Per Stripe's retention policy | Contact Stripe |
| Subscription data (RevenueCat) | Until account deletion | Account deletion |
| macOS Keychain data (OAuth tokens) | Until you sign out or uninstall | Sign out or app removal |
When you delete your account, we remove your personal data from our systems. Some data may be retained in third-party systems according to their respective retention policies as described above.
8. Third-Party Service Providers
We share your personal data with the following third-party service providers to deliver the functionality of the App. We do not sell your personal data to anyone.
| Service Provider | Data Shared | Purpose |
|---|---|---|
| Google LLC (USA/EU) — Firebase Authentication | Email, hashed password, IP address, user agent, sign-in metadata | User authentication and account management. Data region: EU (europe-west) |
| Google LLC (USA/EU) — Cloud Firestore | User profile, subscription status, AI usage quota | Account data persistence. Data region: EU (europe-west) |
| Google LLC (USA/EU) — Vertex AI | User-selected text content, audio for transcription | AI text processing and voice transcription. Google is contractually prohibited from using this data to train models |
| Google LLC (USA/EU) — Firebase Crashlytics | Crash traces, error reports, device info | Application stability monitoring. Data region: EU (europe-west) |
| Google LLC (USA/EU) — Firebase Remote Config | Standard SDK device metadata | Application configuration delivery |
| Google LLC (USA/EU) / Apple Inc. — Firebase App Check | Device attestation token | App authenticity verification and abuse prevention |
| Amplitude Inc. (USA) | Product usage events, user properties (email, Firebase user ID, subscription tier, app version) | Product analytics. Data region: EU (Amsterdam, Netherlands) |
| RevenueCat Inc. (USA) | Firebase user ID, subscription status, purchase transactions | Subscription management |
| Stripe Inc. (USA) | Payment information, Firebase user ID | Payment processing |
| Apple Inc. (USA) | Sign In with Apple: email, display name. App Attest: device attestation | Authentication and app verification |
| Sparkle (Open Source) | App version, macOS version, device architecture | Application update checking |
To receive a detailed list of all third-party recipients of your personal data, contact us at privacy@notebee.cloud.
9. Data Sharing
We share your personal data only in the following circumstances:
- Service providers — companies that help us deliver the App's functionality, as listed in Section 8. Each provider processes your data solely on our behalf and under contractual obligations to protect it.
- AI processors — third-party AI providers that process your content only when you explicitly invoke AI features. Your text and audio are transmitted for processing and are not used to train AI models.
- Payment processors — companies that handle subscription billing. We never see or store your credit card details; payment information is handled directly by Stripe and Apple.
- Legal authorities — we may disclose your data if required by applicable law, regulation, or legal process, or to protect our legitimate interests in the context of legal proceedings.
We do not sell your personal data.
We do not share your data with advertising networks.
We do not use your data for behavioral targeting or profiling.
We do not share your template content with any third party except when you explicitly invoke AI features.
10. International Data Transfers
NoteBee is operated from Poland, a member state of the European Union. We store and process cloud-based personal data primarily within the European Economic Area (EEA):
- Firebase services (Authentication, Firestore, Crashlytics) — hosted in EU regions (europe-west)
- Amplitude analytics — data stored in the EU (Amsterdam, Netherlands)
Your templates, notes, and local content are stored on your device and are not transferred internationally.
Some of our service providers, including Google LLC, Amplitude Inc., and RevenueCat Inc., are headquartered in the United States. When personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place by relying on one or more of the following mechanisms:
- EU Standard Contractual Clauses (SCCs) — contractual safeguards approved by the European Commission under Article 46(2)(c) of the GDPR, which require the data importer to protect personal data to a standard consistent with EU law.
- EU-US Data Privacy Framework — for service providers that have been certified under the EU-US Data Privacy Framework, as recognized by the European Commission's adequacy decision.
- Supplementary measures — including encryption of all data in transit using TLS.
You can request a copy of the safeguards we use for international data transfers by contacting privacy@notebee.cloud.
11. Security Measures
We implement a combination of physical, organizational, and technical measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Physical Measures
- Cloud-hosted infrastructure — Cloud-based personal data (account information, subscription status, AI usage quotas) is stored in EU data centers operated by Google Cloud, which maintain enterprise-grade physical security controls including biometric access, twenty-four-hour surveillance, and environmental protections.
- No on-premises servers — NoteBee does not operate its own physical servers. All cloud infrastructure is managed by providers that comply with ISO 27001 and SOC 2 standards.
Organizational Measures
- Privacy by design and by default — We integrate data protection considerations into every stage of feature development and apply privacy-protective defaults for all users.
- Data minimization — We process only the minimum personal data necessary for each feature to function.
- Third-party provider reviews — We conduct regular security reviews of our sub-processors and service providers.
- Incident response procedures — We maintain incident response procedures that include notification to the relevant supervisory authority within seventy-two (72) hours of becoming aware of a personal data breach, in accordance with Article 33 of the GDPR.
Technical Measures
- Encryption in transit — All network traffic between NoteBee and our servers is encrypted using HTTPS/TLS.
- Secure credential storage — OAuth tokens are stored in the macOS Keychain, which provides hardware-backed secure storage.
- App authenticity verification — Firebase App Check verifies that requests to our backend originate from authentic instances of NoteBee.
- No AI content logging — We do not enable AI monitoring or content logging on our AI infrastructure. Your text and audio are processed and returned without being logged or stored.
- Diagnostic log protection — Sensitive values are masked in diagnostic and crash logs to prevent accidental exposure of personal data.
- Local data protection — Data stored on your device is protected by macOS file-system permissions and, when enabled, by FileVault full-disk encryption.
- OAuth 2.0 authentication — Third-party sign-in is handled via OAuth 2.0, ensuring that NoteBee never receives or stores your third-party account password.
12. Your Rights Under GDPR (EEA/UK)
If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data under the General Data Protection Regulation:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete personal data |
| Erasure ("Right to be Forgotten") | Request deletion of your personal data where there is no compelling reason for continued processing |
| Restriction of Processing | Request that we limit how we use your data while we address your concerns |
| Data Portability | Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller |
| Object | Object to processing based on legitimate interest, including analytics and crash reporting |
| Withdraw Consent | Withdraw consent for consent-based processing (AI features, voice transcription) at any time, without affecting the lawfulness of processing carried out before withdrawal |
To exercise any of these rights, contact us at privacy@notebee.cloud. Please include sufficient information for us to verify your identity and specify which right you wish to exercise. We will respond within one (1) month of receiving your request. If your request is complex or we receive a high volume of requests, we may extend this period by an additional two (2) months, and we will inform you of any such extension within the initial one (1) month period.
There is no fee for exercising your rights. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
You have the right to lodge a complaint with your local data protection supervisory authority. Our supervisory authority is:
UODO (Urząd Ochrony Danych Osobowych) ul. Stawki 2, 00-193 Warsaw, Poland — https://uodo.gov.pl
We encourage you to contact us first at privacy@notebee.cloud so that we may address your concern directly.
13. Your Rights Under US State Privacy Laws
NoteBee respects privacy rights under applicable US state privacy laws, including but not limited to California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Minnesota (MCDPA), Maryland (MODPA), Nebraska (NDPA), New Hampshire (NHDPA), and New Jersey (NJDPA).
Practices NoteBee Does Not Engage In
| Practice | NoteBee's Position |
|---|---|
| Sell personal data | We do not sell personal data |
| Targeted advertising | We do not engage in targeted advertising |
| Profiling for automated decision-making | We do not profile users for automated decisions that produce legal or similarly significant effects |
| Share personal data for cross-context behavioral advertising | We do not share data for behavioral advertising |
Your Rights
Depending on your state of residence, you may have some or all of the following rights:
| Right | Description |
|---|---|
| Right to Know | Request information about the categories and specific pieces of personal data we have processed about you |
| Right to Delete | Request deletion of personal data we have processed from you |
| Right to Correct | Request correction of inaccurate personal data |
| Right to Portability | Receive your personal data in a portable, readily usable format |
| Right to Opt Out | Opt out of the sale of personal data, targeted advertising, or profiling (NoteBee does not engage in any of these practices) |
| Right to Non-Discrimination | Exercise your privacy rights without receiving discriminatory treatment |
| Right to Appeal | Appeal a decision we make regarding your privacy rights request |
To exercise your rights, contact us at privacy@notebee.cloud. We will verify your identity before processing your request and respond within forty-five (45) days. You may designate an authorized agent to submit a request on your behalf, provided the agent has your written permission and can verify their identity.
If we deny your request, you may appeal by contacting privacy@notebee.cloud with the subject line "Privacy Rights Appeal." We will respond to your appeal within sixty (60) days.
14. Do Not Sell My Personal Information
NoteBee does not sell, rent, or trade your personal information. Our revenue comes exclusively from paid subscriptions. We do not monetize your data in any way.
We do not respond to Do Not Track browser signals as NoteBee is a desktop application, not a website. However, we honor all applicable privacy rights regardless of signal type.
For California residents: Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to know whether your personal information is sold or disclosed for a business purpose. NoteBee does not sell personal information and has not sold personal information in the preceding twelve (12) months. We do not have actual knowledge that we sell the personal information of consumers under sixteen (16) years of age.
15. Privacy Notice Updates
We may update this Privacy Notice from time to time to reflect changes in our practices, features, or legal requirements. When we make significant changes, we will notify you through the App or by updating the "Last updated" date at the top of this notice.
We encourage you to review this Privacy Notice periodically to stay informed about how we protect your information.
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | February 19, 2026 | Initial notice (local-only application) |
| 2.0 | February 22, 2026 | Added AI features, cloud account data, subscriptions |
| 2.1 | February 22, 2026 | Added cookies section, expanded US state coverage, data breach procedures |
| 3.0 | April 5, 2026 | Added product analytics (Amplitude), crash reporting (Crashlytics), voice features, corrected system permissions, restructured in table-based format |
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Notice or our data practices, you may contact us:
| Purpose | Contact |
|---|---|
| Privacy inquiries | privacy@notebee.cloud |
| General support | support@notebee.cloud |
Data Controller: Nikita Havrylenko, operating as NoteBee, Poland
Supervisory Authority: UODO (Urząd Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland — https://uodo.gov.pl
© 2026 NoteBee. All rights reserved.