Privacy Policy
Last updated: March 24, 2026
Notis is a note-taking application available as a macOS desktop app and a web app. This policy describes what data we collect, how we use it, and your rights.
Summary
Notis is designed to be privacy-preserving. We do not use analytics, tracking, or advertising. We do not sell or share your data with third parties. Your notes are yours.
macOS App
Data stored locally on your device
- Your notes — Markdown files stored in a vault directory you choose (e.g. ~/Documents/Notis). These never leave your device unless you use a file sync service like iCloud Drive.
- Search index — A SQLite database in ~/Library/Application Support/Notis/ that indexes your notes for fast search and task aggregation. This is derived from your files and can be rebuilt at any time.
- Calendar event cache — Cached calendar events stored locally to enable offline access and faster navigation.
- OAuth tokens — If you connect Google or Microsoft Calendar, authentication tokens are stored in the macOS Keychain (encrypted, sandboxed to the Notis app).
- Preferences — Editor settings, calendar configuration, and UI state stored in UserDefaults.
Data sent to external services
- Google Calendar API — If you connect your Google account, Notis fetches your calendar events and calendar list directly from Google's API. No data is routed through our servers.
- Microsoft Calendar API — Same as above, using Microsoft Graph API.
- Sparkle update checks — The app periodically checks for updates by fetching an appcast XML file from GitHub. This is a standard HTTP request with no user-identifying information.
Data we do NOT collect from the macOS app
- No analytics or telemetry
- No crash reporting
- No usage tracking
- No device fingerprinting
- No IP address logging
- No note content is ever transmitted to our servers
Web App
Account data
When you create a web account, we store:
- Email address — Used for login and account identification.
- Password — Stored as a secure hash (bcrypt). We never store or have access to your plaintext password.
- Display name — Optional, shown in the UI.
Note data
Your notes, tasks, tags, and preferences are stored in a per-user database hosted on Cloudflare D1. Each user has an isolated database — your data is not commingled with other users.
Calendar connections
If you connect Google or Microsoft Calendar via OAuth, we store the OAuth tokens (access token, refresh token, provider email) to fetch your events. Tokens are stored in the shared database and are only used to make API calls on your behalf.
Server logs
Standard HTTP access logs (request URL, method, status code, response time) are generated by Cloudflare Workers. These are transient and not aggregated for analytics purposes.
Data we do NOT collect from the web app
- No third-party analytics (no Google Analytics, Mixpanel, etc.)
- No tracking cookies
- No advertising
- No data sharing with third parties
Third-Party Services
Data Retention
- macOS app — All data is stored locally and persists until you delete it. Uninstalling the app removes all data.
- Web app — Your account and notes persist until you request deletion. Contact us to delete your account and all associated data.
Your Rights
You can:
- Export your notes at any time (they are standard markdown files)
- Disconnect calendar integrations from Settings
- Delete your web account and all associated data by contacting us
- Use the macOS app entirely offline with no external data transmission
Children's Privacy
Notis is not directed at children under 13. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date.
Contact
Questions about this privacy policy? Email privacy@hotdish.dev.