Privacy Policy
Last Updated: April 14, 2026
Turnote ("we", "us", "our", or "the App") is operated by SaasRocket. This Privacy Policy explains how we collect, use, store, and share your information when you use our services.
Summary
Your notes are stored locally on your device and always available offline. Cloud sync is an optional paid feature — notes are encrypted on your device before upload so we cannot read them. We do not sell your data or use advertising trackers.
1. Information We Collect
1.1 Account Information
When you sign in with Google, we receive:
- Email address
- Display name
- Profile picture URL
- Google account identifier
We use this information solely to create and manage your Turnote account.
1.2 Voice Recordings and Content
When you use Turnote, the following content is created and stored locally on your device by default:
- Voice recordings: Audio files you record. Sent to our server only for transcription, then deleted immediately after processing. Never retained server-side.
- Transcriptions: Text generated from your voice recordings, stored locally.
- AI-generated titles: Titles automatically created for your notes, stored locally.
- Notes and edits: Any text content you create or modify, stored locally.
- Tags: Categories you assign to your notes, stored locally.
- Custom prompts: AI instructions you create for text rewriting, stored locally.
If you enable cloud sync (paid feature), your notes are encrypted on your device before upload. We cannot read them.
1.3 Usage Information
We track usage to enforce plan limits and improve the service:
- Audio recording duration (minutes used per month)
- AI processing tokens consumed
- Subscription status and plan type
1.4 Technical Information
- Device platform (iOS or Android)
- Network connectivity status (online/offline)
- Language preference
1.5 Information We Do NOT Collect
- Precise location or GPS data
- Contacts or address book
- Browsing history
- Data from other apps
- Advertising identifiers
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide transcription services | Voice recordings, language preference |
| Generate note titles | Transcribed text |
| Rewrite text with AI | Your text content, custom prompts |
| Manage your account | Google account info, profile settings |
| Process payments | Subscription status (via app stores) |
| Enforce usage limits | Audio minutes used, token usage, cloud storage used |
| Sync across devices (paid feature) | Encrypted notes (content never readable by us) |
3. Third-Party Services and Data Sharing
To provide our services, we share data with the following third-party providers:
OpenAI (Whisper API) – Voice Transcription
Your voice recordings are sent to OpenAI's servers for transcription using their Whisper model. OpenAI processes the audio and returns text. OpenAI may use this data according to their privacy policy.
Privacy Policy: openai.com/privacy
Google (Gemini API) – AI Title Generation and Text Rewriting
Your transcribed text is sent to Google's Gemini API to generate titles and rewrite content. Google processes this text according to their privacy policy.
Privacy Policy: policies.google.com/privacy
Supabase – Authentication, Usage Tracking, and Encrypted Sync Storage
Supabase is used for account authentication, usage quota tracking, and (if you enable cloud sync) storing your encrypted notes. Your note content is always encrypted on your device before upload; Supabase never receives plaintext content. Account info and usage stats are stored on Supabase's cloud infrastructure.
Privacy Policy: supabase.com/privacy
RevenueCat – Subscription Management
We use RevenueCat to manage subscriptions across iOS and Android. RevenueCat receives your anonymous user ID and subscription status. Payment processing is handled by Apple App Store and Google Play Store.
Privacy Policy: revenuecat.com/privacy
Google Sign-In – Authentication
We use Google OAuth for authentication. Google provides us with your basic profile information when you sign in.
Privacy Policy: policies.google.com/privacy
3.1 We Do NOT:
- Sell your personal data to third parties
- Use advertising SDKs or ad networks
- Use analytics or tracking SDKs (no Firebase Analytics, Mixpanel, Amplitude, etc.)
- Share your data for marketing purposes
4. Data Storage and Security
4.1 Where Your Data is Stored
- On-device (primary): All your notes are stored in a local SQLite database on your device, always accessible offline even without an account or internet connection.
- Cloud sync (paid feature): If you enable cloud sync, your notes are encrypted on your device using AES-256-GCM before upload. Supabase stores only ciphertext and cannot read your content. You control the encryption passphrase; it is never transmitted to us. A 12-word recovery phrase is generated for you to save offline.
- Audio files: Temporarily uploaded to our server for transcription via OpenAI Whisper, then deleted immediately after processing. Never retained server-side.
- Account and usage data: Your account profile, subscription status, and usage quotas (audio minutes, tokens) are stored on Supabase's cloud infrastructure.
- Authentication tokens: Stored securely using platform-specific secure storage (Keychain on iOS, Encrypted SharedPreferences on Android).
4.2 Security Measures
- All data transmitted over HTTPS/TLS encryption
- End-to-end encryption for synced notes: your passphrase-derived key is never stored by us, so we cannot read your content
- Row-level security ensuring you can only access your own data
- JWT-based authentication with secure token handling
5. Data Retention
- Local notes: Stored on your device until you delete them or uninstall the app. Deleting Turnote from your device removes local data.
- Cloud-synced notes (paid feature): Retained on Supabase as encrypted ciphertext while your account is active. When you delete a note and sync, the server copy is removed.
- Account deletion: When you delete your account, all cloud-stored data is permanently removed, including encrypted synced notes, usage history, and profile information. Local SQLite data on your device must be cleared separately by uninstalling the app.
6. Your Rights and Choices
6.1 Your Rights Under GDPR (European Users)
- Right of Access
- Right to Rectification
- Right to Erasure ("right to be forgotten")
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
To exercise these rights, contact us at hi@turnote.app.
6.2 Your Rights Under CCPA (California Residents)
- Right to Know
- Right to Delete
- Right to Non-Discrimination
We do not sell personal information.
6.3 How to Exercise Your Rights
Many rights can be exercised directly in the app:
- View all your notes
- Export all your notes as a CSV file
- Edit your notes and profile information
- Delete individual notes or your entire account
- Update language and display name
6.4 Account Deletion
- Open Turnote
- Go to Settings
- Tap "Delete Account"
- Confirm deletion
This action is irreversible.
7. Children's Privacy
Turnote is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.
8. International Data Transfers
Your data may be processed in countries other than your own, including the United States (OpenAI, Google) and other countries where Supabase servers are located. By using Turnote, you consent to this transfer.
9. Changes to This Policy
We will notify you of significant changes by:
- Posting a notice in the app
- Updating the "Last Updated" date
10. Data Controller
Still have questions?
Contact us at hi@turnote.app for more information.