# Privacy Policy for Noteworthy

**Last Updated:** November 1, 2025

## Introduction

Noteworthy ("I", "we," "our," or "the app") is a note-taking application for Android devices. This Privacy Policy explains how we handle your information.

## Our Privacy Commitment

**Noteworthy is designed with privacy as a core principle. We do not collect, transmit, or store any of your data on external servers. All your information remains exclusively on your device.**

## Information Storage

### Local Storage Only
- All notes, todos, passwords, and other data you create are stored locally on your device using encrypted Android SharedPreferences
- No data is ever transmitted to external servers or third parties
- No analytics, tracking, or telemetry of any kind

### Data Types Stored Locally
The following information is stored exclusively on your device:
- **Text Notes**: Your written content and formatting
- **Todo Lists**: Task items and completion status
- **Password Entries**: Encrypted password storage (see Security section)
- **Quick Clips**: Timestamped note entries
- **Metadata**: Note titles, tags, colors, starred status, creation dates
- **Master Password**: SHA-256 hashed password (if you choose to use this feature)

## Security

### Encryption
- Password entries are encrypted using Android Keystore with AES/CBC/PKCS7Padding
- Master password (if set) is hashed using SHA-256 before storage
- Individual notes can be locked with passwords that are encrypted using hardware-backed security features

### No Third-Party Access
- We do not have access to your data
- No third-party services or APIs are integrated
- No advertising networks or analytics platforms

## Data You Control

### Export Functionality
- You can export your notes to share or backup as you choose
- Exports are initiated by you and sent only to destinations you select
- No automatic backups to cloud services

### Data Deletion
- Data can be deleted by uninstalling the app
- Individual notes can be deleted within the app
- Master password can be changed or removed through the app settings

## Permissions

### Required Permissions
- **WRITE_EXTERNAL_STORAGE** (Android 9 and below only): Used exclusively for saving exported notes to your device when you choose to export them

### No Unnecessary Permissions
We do not request permissions for:
- Internet access
- Location
- Camera
- Contacts
- Phone

## Third-Party Services

Noteworthy does not integrate with any third-party services, including:
- Analytics platforms
- Advertising networks
- Cloud storage services
- Social media platforms
- Crash reporting tools

## Children's Privacy

Noteworthy does not knowingly collect any information from anyone, including children under 13. Since all data remains on your device and is never transmitted, there is no collection of personal information.

## Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on the Google Play Store listing. Your continued use of Noteworthy after changes constitutes acceptance of the updated policy.

## Data Portability

You maintain complete control over your data:
- Export all notes at any time
- Share individual notes as you choose
- No lock-in or proprietary formats that prevent data access

## Contact Information

For questions about this Privacy Policy or Noteworthy's privacy practices, please contact:

**Developer:** James Russell  
**Email:** primitiveedgellc@gmail.com  
**App:** Noteworthy Note-Taking App

## Your Rights

Since no data leaves your device:
- You have complete control over all your information
- You can delete data by uninstalling the app
- No requests to external parties are needed to access or delete your data
- No data breach notifications are necessary as no data is transmitted or stored externally

## Legal Compliance

This app complies with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- COPPA (Children's Online Privacy Protection Act)
- Other applicable privacy regulations

Compliance is achieved through our fundamental design: no data collection means no privacy concerns related to data handling, transmission, or storage by third parties.