← Back

Privacy Policy

Last Updated: June 6, 2026

1. Privacy-First Philosophy

At Audio Notes, we believe that your voice recordings and thoughts are highly personal. We designed Audio Notes from the ground up as a privacy-first application. Your raw audio recordings and transcriptions are saved locally on your device and are never kept or permanently stored on our servers.

🔒 Security Summary: We do not track you, we do not monetize your data, and we do not store your recordings or transcriptions on our servers.

2. Data We Collect and Hold

Because privacy is our primary concern, the scope of data collection is kept as minimal as possible:

  • Audio Recordings & Transcripts: Saved locally on your iOS device. They never hit our persistent storage.
  • iCloud Sync Data: If you choose to enable iCloud Sync, your notes sync directly to your private iCloud container. We do not have access to your iCloud data or sync payloads.
  • Shared Notes (Encrypted): If you choose to share a note using our share features, the note content and audio are encrypted client-side and uploaded to our servers (see Section 4 for encryption details).

3. How Data is Processed

To provide advanced AI capabilities, some features process data temporarily through secure APIs:

  • Transcription API: When you record audio, it is compressed and securely transmitted to our server, which forwards it to Fal.ai (running Wizper model) for audio-to-text transcription. The file is temporarily uploaded for processing and is deleted immediately upon completion.
  • AI Summarization & Chat: Transcripts are sent securely to our server and processed via OpenRouter API using industry-leading LLMs (such as GPT) to generate titles, summaries, bullets, action items, and conversational chat responses. This data is processed in real-time and is not stored by us or used to train external models.

4. Zero-Knowledge E2E Shared Notes

When you share a note via a public URL, we ensure complete privacy through End-to-End Encryption (E2EE):

  1. The note's text, structured summaries, and audio are encrypted directly on your iOS device using AES-GCM (256-bit) encryption before upload.
  2. The encrypted data is stored on our server (Cloudflare KV for text/metadata, Cloudflare R2 for audio).
  3. The decryption key is appended as a URL hash fragment (e.g., #key) in the link generated on your device. Web browsers do not send hash fragments to web servers, meaning the decryption key is never sent to or stored on our servers.
  4. Only individuals who possess the complete link (including the key fragment) can decrypt and read the note.

🔑 Critical Note: Because we do not store the decryption key, we cannot recover or decrypt your shared notes. If you lose the sharing link, the shared data cannot be recovered.

5. Third-Party Service Providers

We work with trusted third-party services to handle transcription, AI processing, and payments:

  • Fal.ai: Processes secure audio transcribing services.
  • OpenRouter: Serves queries for AI summaries, formatting, translations, and chat.
  • RevenueCat & SuperwallKit: Manage in-app purchases and paywall distributions. Payment information is securely handled by Apple App Store billing.

6. Data Retention

  • Local Notes: Kept indefinitely on your device until you delete them.
  • Shared Note Metadata: Stored on Cloudflare KV with an expiration of 24 hours (86,400 seconds) and automatically deleted thereafter.
  • Shared Note Audio: Stored securely on Cloudflare R2 bucket.

7. Support and Contact

If you have any questions or concerns regarding our privacy practices, please contact us at:

Email: support@thoccy.com