Privacy Policy
Last updated: March 18, 2026
Notalia ("we", "our", "us") is a study companion app that turns your notes into quizzes. This Privacy Policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account Information
- Email address and display name (when you create an account)
- Authentication credentials managed by AWS Cognito (we never store your password directly)
- A timestamp recording when you confirmed you meet the minimum age requirement
Connected Services
- When you connect GitHub, Google Docs, OneNote, or Notion, we store encrypted OAuth tokens to access your content on your behalf. We only access content you explicitly select.
User Content
- Notes and files you connect or upload are stored in encrypted cloud storage. This content is accessible only on your behalf to generate quizzes and allow you to view your notes within the app.
- Quiz questions, answers, session progress, and study statistics
- Uploaded files (PDFs, images, text documents) stored in encrypted cloud storage
- You can delete stored content at any time by disconnecting a source, deleting uploaded files, or deleting your account.
Device Information
- A random device identifier (Cognito Identity ID) for associating your data with your device
- No advertising identifiers, location data, or device fingerprinting is collected
We do NOT collect:
- Location data
- Contacts or phone number
- Advertising or tracking identifiers
- Browsing history
- Data from other apps on your device
2. How We Use Your Data
We process your data to provide and improve the Notalia service. Our legal basis for processing under GDPR is your consent (provided when you create an account) and contractual necessity (we need your notes to generate quizzes for you).
- Quiz Generation: Your note content is sent to Anthropic's Claude AI to generate quiz questions. Anthropic does not retain your content after processing — it is used solely to generate the quiz response and is not used to train AI models.
- Document Conversion: Uploaded PDFs and images are processed by AWS Bedrock (Qwen vision model) to extract text for quiz generation. This processing occurs within AWS infrastructure and content is not retained after conversion.
- Cross-Device Sync: If you create an account, your quizzes and progress sync across your devices.
- Study Statistics: We calculate streaks, scores, and activity to help you track your study habits.
3. Third-Party Services
We use the following third-party services to operate Notalia:
| Service | Data Shared | Purpose |
|---|---|---|
| AWS (Cognito, DynamoDB, S3, Lambda) | Account data, encrypted content | Authentication, storage, compute |
| Anthropic (Claude API) | Note content (not retained) | Quiz question generation |
| AWS Bedrock | Uploaded PDFs/images (not retained) | Document text extraction |
| GitHub API | Accessed via your OAuth token | Fetch your repositories and notes |
| Google Drive API | Accessed via your OAuth token | Fetch your Google Docs |
| Microsoft Graph API | Accessed via your OAuth token | Fetch your OneNote notebooks |
| Notion API | Accessed via your OAuth token | Fetch your Notion pages |
| RevenueCat | Anonymous user ID, purchase receipts | Subscription management |
We do not sell your data to any third party. We do not use your data for advertising.
4. Data Security
- All data is encrypted in transit (TLS) and at rest (AES-256 for storage, KMS for OAuth tokens)
- OAuth tokens from connected services are encrypted with AWS KMS before storage
- API access is authenticated via AWS IAM with signed requests
- JWT tokens are cryptographically verified using Cognito's public keys
5. International Data Transfers
Notalia's infrastructure is hosted on Amazon Web Services (AWS) in the United States. If you are located outside the US, your data will be transferred to and processed in the US. AWS participates in the EU-US Data Privacy Framework, which provides safeguards for international data transfers.
6. Data Retention
- Account data: Retained until you delete your account
- Quizzes and sessions: Retained until you delete your account
- Processing jobs: Automatically deleted after 30 days
- Connected service tokens: Retained until you disconnect the service or delete your account
- Uploaded files: Retained until you delete them or delete your account
7. Your Rights
Account Deletion: You can permanently delete your account and all associated data from the Profile > Danger Zone section in the app. This deletes your user record, all quizzes, sessions, study history, uploaded files, connected service tokens, and cloud storage content. This action cannot be undone.
Disconnect Services: You can disconnect any connected service (GitHub, Google Docs, OneNote, Notion) at any time from the Profile screen. This revokes our access and deletes the stored token.
Data Portability: You can export all your data as JSON from the Profile screen in the app.
8. Children's Privacy
Notalia requires users to be at least 13 years old. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it.
9. California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell personal information as defined by the California Consumer Privacy Act (CCPA). You can exercise your right to deletion at any time using the account deletion feature in the app, or by contacting us at the email below.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date. Continued use of the app after changes constitutes acceptance.
11. Contact
For privacy questions, data requests, or concerns:
Email: ndomondo2011@gmail.com
This policy applies to the Notalia mobile application available on the Apple App Store and Google Play Store.