Privacy Policy – MesNote

Last updated: 1 May 2026

MesNote (“the app”) is a note-taking application. This policy describes what data the app uses, what may be sent to our service providers, and how it is handled.

1. Service providers (Google and Apple)

When you use optional cloud features, data is processed by Google Firebase and related Google Cloud services, and (on iOS) by Apple for Sign in with Apple, including as applicable:

• Firebase Authentication – sign-in with email and password, Google (Google Sign-In / OAuth), or (on iOS) Sign in with Apple. Google and Apple process authentication data under their own terms and privacy notices; Firebase holds an account identifier (and email where applicable) so you can use cloud features across devices. If you use Sign in with Apple and choose Hide My Email, Apple supplies a private relay address; we never see your real Apple ID email.
• Cloud Firestore – structured data such as note metadata, text content, references to files, reminder settings, and sync-related fields.
• Cloud Storage for Firebase – files you attach to notes (e.g. images, audio, video) when cloud sync uploads them.
• Cloud Functions for Firebase – server-side code that processes AI command requests (see section 2). Functions are operated by us on Google’s infrastructure.
• Google Gemini API – called by our cloud function only when you explicitly invoke an AI command. The messages of the current note are sent to Google’s generative-AI service to produce the reply (see section 2).

Google’s terms and privacy notices also apply to their processing. We do not use your note content for advertising.

2. Data we collect and use

• Account data (optional): If you create or use an account, we process data needed to operate it—for example your email address (email sign-in), identifiers from Google when you use Sign in with Google, identifiers from Apple when you use Sign in with Apple (which can include a private relay email if you choose “Hide My Email”), and a Firebase user ID—so you can sign in and use cloud features on multiple devices.
• Note content on your device: Your notes can include text, images, audio, and video. That content is stored locally on your device (e.g. in the app’s database) so the app works offline.
• Cloud sync (optional): If you are signed in and use sync, the app may upload and store copies of your data in your account on Google’s infrastructure so it can be merged and available on your other devices. This may include text, images, audio, video, tags, titles, order of messages, reminders, and lock-related metadata, as implemented in the app version you use. Sync behaviour may evolve with app updates; this policy will be updated when material changes occur.
• Storage limits: Cloud storage may be subject to per-account limits (for example free vs paid tiers). If a limit is reached, uploads or sync may be blocked until you free space or upgrade, as shown in the app.
• Locked notes: Your lock password is not sent in plain text to the cloud. A cryptographic verification value (e.g. a hash) may be stored so another signed-in device can verify the same password after sync. How much of a locked note’s text or media is stored in the cloud follows the behaviour described in the app for locked notes.
• Device biometrics (Face ID / fingerprint): If you unlock the app or protected notes with biometrics, verification is done by your device’s operating system. We do not receive, store, or transmit your fingerprint, face data, or other biometric templates.
• Reminders: If you use reminders, scheduling information is used to show notifications on your device. If you use cloud sync, reminder data may also be stored in your cloud account so reminders can stay consistent across devices.
• Camera, microphone, and media library: Used only to capture or choose content you add to notes. We do not use the camera, microphone, or library for unrelated purposes.
• Share into MesNote: If you share text or images from another app into MesNote, that content is handled only to create or update your notes as you choose.
• Crash and error diagnostics: The app may send technical reports (e.g. crash logs, app version, device type) to Sentry to help fix bugs. These reports are not used for advertising.
• In-app purchases (if offered): Purchases are processed by Google Play (Android) or the Apple App Store (iOS). We receive purchase or subscription status as needed to unlock features; we do not receive your full payment card details from either store.
• AI commands (optional): The app provides optional AI commands (such as summarize, extract action items, ask, rewrite, translate) that you invoke explicitly with a slash command in the note composer. When you run a command, the messages of the current note only are sent to Google Gemini via our cloud function for processing. No other notes, no account profile data, and no media files are sent. The AI’s reply is added to the note as an "AI" bubble that you control (you can copy, edit, or delete it). We log only minimal request metadata (user id, command, token counts) for usage accounting and abuse prevention; we do not store the prompts or replies on our servers. AI usage requires sign-in and is subject to a per-account monthly request budget that is reset each month. Google’s terms and privacy notices govern their processing of the request content; we do not allow Google to train models on your prompts or replies under our API tier.

3. Permissions

The app may request:

• Camera – to take photos/videos and add them to notes.
• Microphone – to record audio and video with sound in notes.
• Storage / media – to save and attach images, audio, and video to notes.
• Notifications – if you use reminders, to show alerts at the times you choose.
• Biometrics (where your device supports it) – only if you choose to unlock the app or notes with Face ID, fingerprint, or similar; handled on-device by the operating system.

These are only used for the features described above.

4. Where data is stored and transfers

Data is stored on your device and, when you use cloud features, on servers operated by Google (Firebase / Google Cloud) in regions configured for the project. Data in transit is protected using HTTPS/TLS where applicable. Because providers may use servers in various countries, your information may be processed outside your country of residence.

5. Retention and deletion

Local data remains on your device until you delete it or remove the app. Cloud data tied to your account remains until you delete it in the app, delete your account, or contact us as below. Some backups or logs at providers may persist for a limited time according to their policies.

6. Account deletion

You can permanently delete your MesNote account and all associated cloud data at any time.

In the app: open Settings → Account → Delete account and confirm. This removes your Firebase Authentication account, all notes, attachments, AI usage history, and subscription claim records associated with your account.

By email: if you no longer have access to the app, send a deletion request from the email address associated with your account to info@mesnoteapp.com with the subject line “Delete my account.” We will verify the request and complete deletion within 30 days, then confirm by email.

What is deleted:

• Your Firebase Authentication account (email and any linked Google / Apple sign-in identifiers).
• All Cloud Firestore documents under your account, including note text, message history, AI usage counters, and storage quota metadata.
• All Cloud Storage objects under your account, including image, audio, and video attachments uploaded for cloud sync.
• Subscription claim records that bind a Google Play or App Store purchase token to your account.

What is not deleted automatically:

• Active subscriptions billed by Google Play or the Apple App Store. We cannot cancel store-side subscriptions on your behalf. Cancel any active subscription in your Google Play account (Play Store → Subscriptions) or your Apple ID (Settings → Apple ID → Subscriptions) before deleting your MesNote account, otherwise the store will continue to charge the linked payment method.
• Local data on your device. Uninstall the app or clear its data through your device settings to remove the local copy.
• Service-provider backups and logs (e.g. Google Cloud retention for short periods after deletion). These are governed by Google’s retention policies and are not under our direct control.

7. We do not sell your data

We do not sell your personal data or note content to third parties.

8. Your choices

You can reduce cloud processing by signing out or not using sync; content that was not uploaded may remain only on your device. To delete your account and associated cloud data, use the in-app option (Settings → Account → Delete account) or contact us as described in section 6. You can also manage some data through your Google account settings where applicable.

9. Contact

For questions about this privacy policy or your data, contact us at: info@mesnoteapp.com