Nobuhiko Notes ("App", "we", "us", "our") is a local-first note and productivity application designed for Android, Windows, and Web. This Privacy Policy explains in thorough detail what information may be processed when you use the App, why that processing happens, how different features affect the way data moves through the product, where information is typically stored on your device and in optional cloud services, when outside services or third parties may become involved in the processing chain, and what choices remain entirely in your hands when deciding how you want to use the App, what data you want to keep, and what data you want to remove, export, or manage on your own terms.
This document is meant to be more than a formal requirement or a legal checkbox. It is also meant to give a fuller, more human explanation of how the App actually behaves in practice: what happens when you write a note, record a voice memo, attach an image, run OCR, create a bookmark, enable Google Drive backup, turn on biometric lock, or open an embedded web page. Because Nobuhiko Notes is built around a local-first approach, much of the user experience is intentionally designed so that notes, attachments, generated files, preferences, and security settings stay close to the device unless you actively choose to export, back up, sync, or connect a feature that depends on an external service. The goal is for your data to stay yours by default, with cloud involvement only when you explicitly opt into it.
At the same time, some parts of the App can and do rely on platform capabilities, optional Google account access for backup and authentication, outbound network requests for bookmark metadata and embedded content, analytics services like Firebase Analytics on Android, device permissions for microphone, camera, and file storage, and shared folders through the Android Storage Access Framework. Each of these touchpoints has privacy implications, and this policy explains those boundaries openly rather than leaving them implied or buried in fine print.
By reading the fourteen sections below, you should be able to understand both the broad picture and the concrete details: what kinds of content may be handled by the App, why those categories of data matter to the features you choose to use, how local storage and optional cloud backup are intended to work, when information might be transmitted to Google, Firebase, third-party web hosts, or operating system services, how long different types of data are retained, what security measures are currently in place, what rights and choices belong to you under applicable law, how data can be exported or ported, how children's privacy is addressed, how international processing works when cloud services are involved, how this policy may change in the future, and how to contact the developer if you have questions, concerns, or requests. By using the App, you acknowledge the practices described in this Privacy Policy.
Effective Date: March 24, 2026
Document Version: 2.0
Platforms: Android, Windows, Web
Storage: Local-first storage
Backup: Optional Google Drive backup
Analytics: Android analytics via Firebase
This Privacy Policy applies to all versions of Nobuhiko Notes that we distribute for supported platforms, including Android, Windows, and Web where available. Because the App is designed to run across multiple operating systems and form factors, some features are platform-specific and may not be available on every device. For example, certain Android-only capabilities such as shared folder sync through the Storage Access Framework or Firebase Analytics integration may not apply to the Windows or Web builds, and features that depend on specific hardware such as biometric authentication or a built-in camera may behave differently or not be offered at all on platforms that lack the necessary support.
Regardless of which platform you are using, this Privacy Policy is intended to cover the full range of data-related behaviors that the App is capable of performing across all supported versions. If a feature mentioned in this policy does not exist on your platform, the corresponding data processing described for that feature simply does not apply to your use of the App.
The App may include features such as:
Each of these features interacts with user data in a specific way, and the sections that follow explain those interactions in detail so you can make informed decisions about which features to enable and how your information is handled.
This section provides a comprehensive breakdown of every category of information that the App may process during normal use. The word "process" here is used broadly and includes creating, reading, writing, displaying, storing, caching, transmitting, converting, exporting, deleting, or otherwise interacting with data in a way that is necessary for the App's features to function. Not every category will apply to every user, because the specific information processed depends on which features you choose to activate, which permissions you grant, and how you configure the App.
The core purpose of Nobuhiko Notes is to let you create, organize, and manage personal content. Depending on how you use the App, we may process the following types of user-created content:
All of this content is primarily stored locally on your device using the App's internal database and file storage system. The content does not leave your device unless you explicitly take an action that moves it elsewhere, such as exporting a note as PDF or JSON, syncing selected files to a user-chosen shared folder on Android, backing up your data to Google Drive after signing in with a Google account, or sharing content through the operating system's share sheet. In other words, local storage is the default and cloud involvement only happens when you actively opt into it.
Google account integration is entirely optional in Nobuhiko Notes. If you choose to sign in with Google and use the backup features that become available after authentication, the App may process the following information related to your Google account and backup activity:
The App currently requests Google Drive file access through the drive.file scope, which is the most limited scope available for Google Drive interactions. This means the App can only access files that it has created itself within your Google Drive account. It cannot browse, read, modify, or delete any other files in your Drive. The specific operations enabled by this scope include creating new backup files, reading previously created backups for restore operations, and deleting App-managed backups when you request removal.
In order to function correctly across different devices, operating systems, and configurations, the App may process certain technical information about the device and the App itself. This information is typically used internally to ensure compatibility, to adapt the interface to the user's locale, and to generate metadata needed for features like backup versioning and export headers. The specific technical information that may be processed includes:
On Android, the current build also includes Firebase Analytics, which is a product analytics service provided by Google. Firebase Analytics may automatically collect certain information such as app instance identifiers, device model and manufacturer, operating system version, app version, screen resolution, language, time zone, and general usage or engagement events that help us understand how the App is being used and which features are most valuable to users. This data is used to improve the product, fix issues, and prioritize development. The information processed by Firebase Analytics is subject to Google's terms of service and privacy practices, and we encourage users to review those policies separately if they want to understand how Google handles analytics data on its infrastructure.
Nobuhiko Notes includes several features that interact with media files and device hardware, including voice note recording, image attachment and capture, OCR text extraction, and general file import and export. When you actively use these specific features, the App may process the following types of media-related data:
When OCR is run on a remote image URL instead of a local file, the App downloads the image temporarily to a cache location in order to process it with the on-device OCR engine, then removes the temporary file from the cache after processing is complete. This means the image is not permanently stored in the App's file system unless you separately choose to save it as an attachment. The OCR result text, however, may be saved as part of your note content if you accept the extraction.
It is worth noting that all audio recording, image processing, and OCR extraction happen on your device. The App does not upload audio files, images, or OCR input to any remote server for processing. The only situation in which these files would leave your device is if you manually export them, include them in a Google Drive backup, or share them through the operating system.
While most of the App's functionality works offline and locally, there are specific features that require network access in order to provide their intended functionality. When you use these internet-connected features, the App may process the following types of network-related data:
When you open or embed third-party websites, those third parties may collect information directly from your device under their own privacy policies. The App does not control what data those third-party sites or services collect, and we strongly recommend reviewing the privacy practices of any website you choose to embed or visit through the App. Our responsibility extends only to the data that the App itself processes; once a network request leaves the App and reaches a third-party server, that server's privacy policy governs what happens to the data.
Nobuhiko Notes includes optional security features that help protect access to your notes and the App itself. These features are designed to keep sensitive data on the device and to prevent unauthorized access if someone gains physical access to your phone or computer. The App may process the following security-related information:
PIN data and sensitive local credentials are intended to remain on the device and are not included in App-managed exports or Google Drive backups. This means that if you restore a backup on a new device, your security settings will not carry over and you will need to reconfigure them. This is an intentional design choice to prevent sensitive authentication data from being exposed through backup files that could theoretically be accessed by someone other than the intended user.
Every piece of information that the App processes serves a specific, identifiable purpose tied to a feature or capability that you choose to use. We do not process information speculatively, and we do not collect data for purposes unrelated to the App's functionality. The following list describes the concrete reasons why the App processes the categories of information outlined in Section 2:
We process information to:
We do not sell your personal data to any third party, advertising network, or data broker under any circumstances.
We do not use advertising SDKs in the current build of the App. There are no banner ads, interstitial ads, rewarded ads, or any other form of advertising integration. If this ever changes in a future version, this Privacy Policy will be updated to reflect the change and the new effective date will be clearly noted.
In summary, data processing in Nobuhiko Notes is strictly feature-driven. If you do not use a feature, the data associated with that feature is not processed. If you do use a feature, the data processing is limited to what is necessary for that feature to work as intended.
Understanding where your data lives is one of the most important aspects of any privacy policy, and this section aims to give you a thorough, practical explanation of how Nobuhiko Notes handles storage across different scenarios. The App uses a layered storage model: most data lives locally on your device by default, with optional cloud backup and optional shared-folder sync available for users who want additional redundancy or portability.
The App is designed from the ground up to store most user content locally on your device first. This is not just a default setting that can be changed; it is a fundamental architectural decision that shapes how the entire product works. When you create a note, attach an image, record a voice memo, change a preference, or enable a security setting, that information is written to local storage on your device before anything else happens. Based on the current implementation, local storage may include:
The App uses local storage technologies and device storage areas such as app-private files, shared preferences, and secure local storage for certain sensitive values. On Android, app-private storage means the data is stored in a directory that only the App can access unless the device is rooted. On Windows, the App uses the local application data directory and secure credential stores where available. The important thing to understand is that unless you take an explicit action to move data out of the App, your content stays on the device where you created it.
If you enable Google backup features by signing in with your Google account and authorizing the required permissions, the App gains the ability to upload a backup of your App data to your personal Google Drive account. This backup includes a packaged snapshot of your notes, database content, attachments, settings, and metadata, but it intentionally excludes sensitive security data such as PIN codes and biometric configuration. Backup and restore actions happen only after you sign in, authorize the required Google permissions, and explicitly trigger the backup or restore process within the App's settings.
Backup data is stored by Google on your behalf within your own Google Drive storage and remains subject to Google's infrastructure, security practices, and privacy policies in addition to this Privacy Policy. We do not have access to your Google Drive account or your backup files; only you and the App running on your authenticated device can access App-managed backups. If you revoke the App's access to your Google account or uninstall the App, the backup files that were previously uploaded will remain in your Google Drive until you manually delete them.
On Android, the App offers a feature that allows you to synchronize selected files to a folder that you explicitly choose on your device using the Android Storage Access Framework (SAF). This is a system-level mechanism that gives you full control over which folder the App can access, and the App only gains access to the specific folder you select through the SAF picker dialog. If you grant access:
You can revoke this access at any time from your device settings or by removing the selected folder access from within the App. Once access is revoked, the App will no longer be able to read from or write to the shared folder, and any files that were previously copied to that folder will remain there until you manually delete them. The shared folder feature is designed as a convenience for users who want easy access to certain App-created files from other apps or file managers, not as a mandatory part of the App's data flow.
Nobuhiko Notes is designed to minimize the situations in which your information leaves the App. However, certain features require interaction with external services, platform APIs, or third-party content, and this section describes exactly when and why information may be shared or transmitted outside the App. We share or transmit information only in the situations that are strictly necessary to provide features you choose to use, including:
We do not sell personal informationto data brokers, advertising networks, or any other third party under any circumstances. We do not share your note content, attachments, voice recordings, or any other user-created data with anyone unless you explicitly initiate that sharing through a feature like export, backup, or the operating system's share sheet. The principle is simple: your data leaves the App only when you tell it to.
Modern mobile and desktop operating systems use a permission model that requires apps to request specific access before they can use certain hardware or system features. Nobuhiko Notes follows this model and only requests the permissions that are necessary for specific features to work. Below is a detailed explanation of each permission category the App may request, along with the specific features that depend on it. Depending on platform and feature usage, the App may request or use access to:
If you deny or revoke permissions, the features that depend on those permissions may be unavailable or function with reduced capability. The App is designed to degrade gracefully when permissions are not granted: it will not crash or malfunction, but the specific feature that requires the missing permission will not be able to perform its intended function. You can manage permissions at any time through your operating system's settings, and changes will take effect the next time the App attempts to use the relevant feature.
How long your data is kept depends on the type of data, the storage location, and the features you have enabled. Because Nobuhiko Notes is local-first, you have a high degree of direct control over data retention: most data exists only on your device and is removed when you choose to remove it. The following breakdown explains retention behavior for each category of data:
In practice, this means that if you are a user who only uses the App locally without signing into Google, without enabling shared folder sync, and without using features that require network access, then all of your data lives exclusively on your device and can be fully removed by clearing the App's data or uninstalling it. The retention of your data is entirely within your control.
Protecting user data is a core design principle of Nobuhiko Notes, and we implement multiple layers of security measures to reduce the risk of unauthorized access, data loss, and unintended exposure. While no system can guarantee absolute security, we believe that a local-first approach combined with optional encryption, permission-based access, and user-controlled backup and restore provides a strong foundation. The following security measures are currently implemented in the App:
No method of electronic storage, data transmission, or device security is guaranteed to be completely secure. We cannot promise that your data will never be accessed by unauthorized parties, but we are committed to implementing and maintaining reasonable safeguards that reflect current best practices for an application of this nature. If we become aware of a security incident that materially affects user data, we will take appropriate steps to address it and, where required by law, notify affected users.
We also encourage users to take their own precautions: keep your device's operating system up to date, use strong device lock screens, enable the App's built-in PIN or biometric lock if you store sensitive information, and be cautious when granting permissions or embedding third-party content.
We believe that you should have meaningful control over your own data, and Nobuhiko Notes is designed to make the exercise of that control as straightforward as possible. Because the App is local-first, many data management actions can be performed directly within the App without needing to contact anyone or submit a formal request. Depending on your location and the privacy laws that apply to you, you may have the following rights:
Many of these actions can be performed directly in the App or through your device settings and Google account settings without needing to contact us. For example, you can delete notes and attachments from within the App, clear all App data through your operating system's app settings, disconnect your Google account from the App's settings screen, and export your data using the built-in export features. If you need assistance with a privacy-related request that cannot be accomplished through the App itself, you can contact us using the information provided in Section 14.
We believe that your data should not be locked inside the App. Nobuhiko Notes includes multiple features designed to let you move your content in and out of the product freely. The App provides export and backup capabilities that may allow you to extract your content in formats such as JSON, CSV, PDF, plain text, or other file types supported by the specific feature you are using.
Exports and backups may contain the content you created, including note text, database entries, tags, properties, and metadata that the App generates internally such as creation timestamps, modification timestamps, block types, and references to attached files. The extent of what is included in an export depends on the export format and the feature you are using: a full JSON backup will include more data than a single-page PDF export, for example.
The goal of providing multiple export options is to ensure that you are never in a situation where your data is trapped inside Nobuhiko Notes with no way to retrieve it. If you decide to stop using the App, you should be able to export your content in a format that is useful to you and take it to another tool, archive it, or do whatever you wish with it. Data portability is a fundamental commitment of this product.
Nobuhiko Notes is a general-purpose productivity application and is not specifically directed to children under the age required by applicable law to provide valid consent on their own for the use of online services. In most jurisdictions, this age is typically 13 or 16 years old, depending on local regulations.
We do not knowingly collect personal information from children below the applicable age threshold. Because the App is local-first and does not require account creation for basic use, the amount of personal data that would be involved is minimal in most scenarios. However, if a parent or legal guardian believes that a child has provided personal information to us through optional features such as Google Sign-In or Firebase Analytics, they can contact us using the information in Section 14 so we can review the situation and take appropriate action, which may include deleting the data in question.
Nobuhiko Notes is available to users around the world, and while the local-first design means that most data processing happens on your own device in your own country, certain optional features do involve data being processed on servers that may be located in other countries.
If you use Google services such as Google Sign-In or Google Drive backup, Firebase Analytics on Android, embedded web content from third-party sites, or other internet-connected features, the information associated with those features may be processed on servers and infrastructure located in the United States, the European Union, or other countries where Google and other service providers maintain data centers. Those providers handle data according to their own terms of service, infrastructure security practices, and privacy commitments, and the data protection laws in those countries may differ from the laws of your home country.
By using features that involve network communication or cloud services, you acknowledge that some of your data may be processed internationally. If this is a concern for you, you can choose to use the App in fully offline mode without enabling Google backup, without embedding external content, and without using features that require network access, in which case all of your data will remain on your local device and will not cross international boundaries.
We may update this Privacy Policy from time to time to reflect changes in the App's features, changes in our data practices, changes in applicable laws or regulations, or other operational or legal developments that require an update. When we make changes to this policy, we will update the effective date at the top of the page and increment the document version number so you can easily tell whether the policy has changed since your last visit.
For significant changes that materially affect how your data is processed, stored, or shared, we will make reasonable efforts to notify users through the App itself, through an update notice, or through other appropriate channels. We encourage you to review this Privacy Policy periodically to stay informed about how your information is handled. Your continued use of the App after changes to this policy take effect constitutes your acceptance of the updated terms.
If you have any privacy-related questions, concerns, or requests about this Privacy Policy, about how your data is handled within Nobuhiko Notes, or about exercising any of the rights described in Section 9, you can reach us through the following contact information. We will do our best to respond to your inquiry in a timely manner and to address your concern fully.
Developer: Nobuhiko
Email: support@nobuhiko.studio
When contacting us about a privacy matter, please include enough detail for us to understand your request, such as the platform you are using (Android, Windows, or Web), the version of the App, a description of the issue or question, and any relevant context that will help us assist you more effectively. We are committed to taking privacy inquiries seriously and providing clear, helpful responses.