ExpandNote - AI-Powered Note Taking

1. Introduction

Altitude Information Systems LLC ("we", "our", or "us") operates ExpandNote, an AI-powered note-taking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web platform (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. We use Supabase Auth for secure authentication.

Note Content

We store the notes you create, including titles, content, tags, and associated metadata (timestamps, favorite/archive/lock status). Your notes are stored in our Supabase database with row-level security (RLS) ensuring only you can access your data.

AI Processing Data

When you use AI Profiles, your note content is sent to the AI provider you configure (OpenAI, Anthropic, or OpenRouter) using your own API keys. We do not store or log the content sent to these providers. Your API keys are encrypted at rest.

Voice Input Data

When you use voice input, audio is sent to OpenAI's Whisper API for transcription using your API key. We do not store audio recordings after transcription is complete.

Email-to-Note Data

When you use the email-to-note feature, incoming emails are processed to extract the subject (note title), body (note content), and any attachments (PDF, Word documents). Email content is converted to notes and the original email data is not retained after processing.

Usage Data

We collect error reports and performance data through Sentry to improve app stability. This includes device type, operating system version, and crash reports. We do not collect your note content in error reports.

3. How We Use Your Information

To provide, maintain, and improve the Service
To sync your notes across devices using PowerSync
To process AI Profile executions using your configured AI providers
To transcribe voice input using OpenAI Whisper
To convert incoming emails to notes
To send you service-related communications
To monitor and fix errors and performance issues

4. Data Storage and Security

Your data is stored on Supabase infrastructure with row-level security (RLS) policies ensuring data isolation between users. Notes are synced using PowerSync with offline-first architecture, meaning your data is stored locally on your device and synced to our servers when connected.

We implement industry-standard security measures including encryption in transit (TLS), encrypted API key storage, and secure authentication flows. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services:

Supabase — Database, authentication, and backend infrastructure
PowerSync — Real-time data synchronization
Vercel — Web application hosting
Sentry — Error monitoring and performance tracking
Resend — Email delivery for email-to-note and notifications
OpenAI, Anthropic, OpenRouter — AI processing (only when you configure and use AI features with your own API keys)

6. Data Retention

We retain your notes and account data for as long as your account is active. Deleted notes are moved to trash and permanently removed after 30 days. Note version history is retained to enable version restoration. If you delete your account, all associated data will be permanently removed within 30 days.

7. Your Rights

You have the right to:

Access your personal data
Export your notes
Delete your account and associated data
Opt out of non-essential data collection

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at support@expandnote.app or visit our Contact page.