Privacy Policy

Effective Date: February 18, 2026

Last Updated: April 17, 2026

Jot ("we," "us," or "our") is a local-first notes app. This Privacy Policy explains what data is processed when you use the Jot application (the "App"), when data stays on-device, and when data is sent to third parties because you enable a specific feature.

1. Scope and Roles

• Product scope: This policy applies to the Jot app and this website.
• Local-first model: Most core note data is stored on your device and not on Jot-operated servers.
• Third-party processors: Some optional features use third-party providers that process data under their own terms and privacy policies.

2. Data We Process

2.1 Data Stored Locally on Your Device

• Notes and attachments: Note content, metadata, media attachments, and local history are stored on-device.
• Settings and preferences: App settings, privacy choices, and feature configuration are stored locally.
• API credentials you provide: API keys you enter are stored locally (for example, in platform-secure storage where available).
• Local analytics (if enabled): Writing stats, feature usage, and diagnostics are stored locally. They are not sent to Jot servers by default.

2.2 Data Sent Off Device When You Use Optional Features

• AI features: Prompts, selected note content, and model metadata are sent to the AI provider you choose to generate responses.
• Weather features: If enabled, location queries or coordinates are sent to configured weather providers to return forecasts.
• Cloud sync/backup: If enabled, exported notes and optionally attachments may be synced to your cloud provider (for example, iCloud).
• Support requests: Information you submit in support/community channels (for example, GitHub) is processed to respond and resolve issues.

3. Third-Party Services You May Use

• AI providers: OpenAI, Anthropic, Google.
• Weather providers: OpenWeatherMap, WeatherAPI, and AccuWeather (depending on your configuration).
• Cloud provider integrations: Apple iCloud when you enable iCloud sync/backup.
• Advertising: Google AdMob (see Section 3a below).

We do not control third-party privacy practices. Review each provider's policy before enabling related features.

3a. Advertising (Google AdMob)

Jot displays ads served by Google AdMob (Google LLC). To serve and measure ads, Google may collect:

• Advertising identifiers (IDFA on iOS, if you have granted permission via the App Tracking Transparency prompt)
• IP address and general location
• Device information (model, OS version, language, time zone)
• App interaction data related to ad impressions and clicks

App Tracking Transparency (ATT) — iOS 14.5 and later: Before any cross-app tracking for advertising purposes can occur, Jot asks for your permission using Apple's ATT framework. If you decline, no advertising identifier is shared with AdMob for cross-app tracking. You may change your preference at any time in Settings → Privacy & Security → Tracking.

If you decline tracking or use a device without an advertising identifier, you may still see ads but they will not be targeted based on your activity in other apps or websites.

Google AdMob processes advertising data under its own policies. For more information and to manage your ad preferences:

• Google Privacy Policy
• How Google uses information from apps that use its services
• Google Ad Settings (opt out of personalized ads)

4. App Permissions

The App may request system permissions only for enabled features, such as:

• Microphone and speech recognition (voice notes and transcription)
• Camera and photos/files access (attachments and imports)
• Location (weather features)
• Notifications (alerts and reminders)
• App Tracking Transparency (advertising — see Section 3a)

You can manage permissions in your device settings at any time.

5. How We Use Data

• Provide core note-taking, search, organization, and backup/sync functionality
• Execute AI, weather, and integration features you explicitly invoke
• Operate optional analytics and diagnostics (local by default)
• Maintain app security, prevent abuse, and troubleshoot issues
• Comply with legal obligations

6. Data Sharing, Sale, and Disclosure

• No sale by default: We do not sell your personal data for money.
• Advertising: When ads are displayed, advertising identifiers and interaction data may be shared with Google AdMob subject to your ATT consent choice. See Section 3a for details.
• Service-provider sharing: Data may be shared with providers you choose to use (AI, weather, cloud sync, and backup providers).
• Legal process: We may disclose data when required by law, legal process, or to protect rights and safety.
• Business transfer: Data may transfer in a merger, acquisition, reorganization, or asset sale, subject to applicable law.

7. Retention

• Local note data: Retained on your device until you delete it, clear app data, or uninstall the app.
• AI usage analytics in app storage: Auto-cleaned by app logic (for example, older usage records may be deleted after about 90 days).
• General local analytics: Retention is configurable in app settings (default configuration may retain data longer).
• Support communications: Retained as needed to resolve requests and for legitimate business/legal records.

8. Your Rights and Choices

• Access and portability: Export your data from the app.
• Deletion: Use in-app clear/delete tools or uninstall to remove local app data.
• Feature controls: Disable AI, analytics, sync, and other optional features in settings.
• US state privacy rights: Depending on your state, you may have rights to know, delete, correct, and opt out of certain processing.
• EEA/UK rights: Where applicable, you may have GDPR/UK GDPR rights including access, correction, deletion, objection, restriction, and portability.

To make a privacy request, use GitHub Discussions or GitHub Issues and include "Privacy Request" in the title.

9. International Data Transfers

If you use third-party providers, your data may be processed in countries other than your own. Those providers are responsible for their transfer mechanisms and safeguards.

10. Security

• On-device storage with platform sandboxing
• Encryption options for backups and secure storage for sensitive keys where supported
• HTTPS/TLS for network requests to third-party services

No security measure is perfect, and you are responsible for securing your device and account credentials.

11. Children's Privacy

Jot is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us and we will address the request.

12. Policy Changes

We may update this policy. We will revise the "Last Updated" date and provide additional notice when required by law.

13. Contact

Jot uses the main Jot GitHub repository as its centralized support and privacy request channel.

• GitHub Discussions: Ask a question
• GitHub Issues: Report an issue

Because GitHub Discussions and Issues are generally public, do not include sensitive personal data in public posts. GitHub also processes data under its own policy: GitHub Privacy Statement.

---

This privacy policy is provided for informational purposes. For legal advice, consult an attorney.