Privacy Policy
Jonathan Sims (“we,” “us,” or “our”) operates Notanem, a local-first writing application available as a desktop application and mobile application (collectively, the “App”). This Privacy Policy explains how we collect, use, and protect your information when you use the App.
Our Privacy Philosophy
Notanem is built on a local-first principle. Your creative work — manuscripts, notes, plot elements, annotations, and all other writing content — is stored on your device and never sent to our servers. We only collect the minimum information necessary to provide account authentication and optional sharing features.
Information We Collect
Account Information (Authenticated Users)
When you create an account, we collect:
- Email address — used for login, password resets, and account identification
- Name — used for display within the App and when sharing work with others
- Authentication credentials — passwords are hashed and stored securely by our authentication provider; we never have access to your plain-text password
If you sign in using Google or Apple, we receive basic profile information (email and name) as authorized by you through those services. We do not receive or store your Google or Apple passwords.
Local-Only Mode
You may choose to use Notanem without creating an account (“Use locally without an account”). In this mode:
- No personal information is collected
- No data is sent to any server
- All features that require an account (sharing, contacts) are unavailable
- The App makes no network requests to our services
Data Stored on Your Device
The following data is created and stored exclusively on your device and is never transmitted to our servers:
- Manuscripts and their sections
- Notes, collections, and research material
- Plot elements (beats, threads, arcs)
- Annotations and revisions
- Writing session activity (start time, word counts)
- User preferences and settings
- Navigation state
Data Transmitted to Our Servers (Authenticated Users Only)
When you are signed in and use sharing features, the following data may be transmitted:
- Share packages — when you explicitly choose to share sections of your manuscript with a reader, the selected content and associated metadata are temporarily stored on our servers for delivery
- Feedback — when a reader returns feedback on shared work, it is temporarily stored for delivery to you
- Contact information — if you add other users as contacts for sharing, we store the association between accounts along with display names
- Contact requests — invitations sent to other users, including any optional message you include
- Privacy settings — your sharing permission preferences (e.g., who can send you shares)
- Section checkouts — when transferring a section between your desktop and mobile devices, the content is temporarily relayed through our servers
Automatic Updates
The desktop App checks for software updates via GitHub’s public API. This check:
- Occurs on startup and periodically while the App is running
- Does not transmit any personal information
- Only retrieves publicly available release metadata
How We Use Your Information
We use the information we collect to:
- Authenticate your account and maintain your session
- Deliver share packages and feedback between you and your readers
- Manage your contacts list and sharing permissions
- Relay section content between your devices
- Send password reset emails when requested
- Check for and deliver App updates
We do not:
- Sell your personal information to third parties
- Use your data for advertising or marketing purposes
- Analyze your writing content or creative work
- Use analytics, telemetry, or behavioral tracking tools
- Build user profiles for any purpose beyond the App’s core functionality
Data Retention
Server-Stored Data
Transient data on our servers is automatically deleted on a defined schedule:
| Data | Retention |
|---|---|
| Undelivered share packages | 30 days, then auto-deleted |
| Delivered share packages | 7 days after delivery, then auto-deleted |
| Undelivered feedback | 30 days, then auto-deleted |
| Delivered feedback | 7 days after delivery, then auto-deleted |
| Expired contact requests | 14 days to accept, then auto-expired; deleted after 90 days |
| Section checkouts | Deleted on receipt confirmation, or after 30 days |
Your account profile (email and name) is retained until you delete your account.
Locally Stored Data
Data on your device is retained until you choose to delete it. You may export your data at any time using the App’s built-in export feature.
Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and data relay for sharing features | Email, name, share/feedback content (transient) |
| Google (OAuth) | Optional sign-in method | Authentication is handled by Supabase; we receive your email and name |
| Apple (OAuth) | Optional sign-in method | Authentication is handled by Supabase; we receive your email and name |
| GitHub | App update distribution | No personal data; public API polling only |
We do not use any analytics, crash reporting, advertising, or behavioral tracking services.
Data Security
We take reasonable measures to protect your information:
- Authentication tokens are encrypted using your operating system’s secure storage (OS keychain)
- Passwords are hashed by our authentication provider and never stored in plain text
- OAuth authentication uses the PKCE flow for enhanced security
- Server-side data access is controlled by row-level security policies
- Transient data is automatically deleted on a defined schedule
Your Rights
You have the right to:
- Access your data — your creative work is stored on your device and is always accessible to you
- Export your data — the App provides built-in export functionality
- Delete your account — contact us to request account deletion, which will remove your profile and all associated server-stored data
- Use the App without an account — local-only mode provides full writing functionality without any data collection
- Opt out of sharing features — you can use the App for writing without ever using sharing, contacts, or cross-device features
For EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, contact us using the information below.
For California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of your personal information. We do not sell personal information.
Children’s Privacy
Notanem is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last Updated” date at the top of this policy and, where appropriate, through the App. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights regarding your data, please contact:
Jonathan Sims
Email: write@notanem.com