Legal
Privacy Policy
Last updated: July 6, 2026
1. Introduction
PocketNote ("we," "our," or "us") is an AI-powered study companion that helps students transform their notes and study materials into quizzes, flashcards, podcasts, mind maps, slide decks, and study reports. This Privacy Policy explains what information we collect, how we use it, and how we protect it when you use our platform at pocketnote.app or through our iOS app.
By using PocketNote, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect the following information when you use PocketNote:
- Account information: your name and email address, provided when you sign up with email and password or sign in with Google or Apple. If you register with a password, it is stored only in salted, hashed form (bcrypt) — we never store or see your plain-text password.
- Uploaded study materials: documents, notes, PDFs, audio recordings, and links (such as YouTube videos or web pages) you add to your notebooks. This content is processed by AI to generate your study resources and stored in your personal notebooks, along with the text extracts and search indexes derived from it.
- Chat and generated content: your conversations with the AI assistant and the study materials generated for you (quizzes, flashcards, reports, podcasts, mind maps, and similar).
- Connector data: if you choose to connect a third-party account (see Section 6), we store the account email, display name, and encrypted access tokens for that connection.
- Usage data: product analytics such as features used, AI model chosen, and token/credit consumption, used to operate billing and improve the platform. Our analytics are hosted in the European Union.
- Subscription data: your plan, subscription status, and payment-provider customer identifiers. We never receive or store your card number (see Section 7).
3. How We Use Your Information
The information we collect is used to:
- Authenticate your account and keep it secure.
- Generate AI-powered study materials from your uploaded content.
- Provide connector features you have explicitly enabled.
- Meter usage, apply plan limits, and process billing.
- Send you service-related notifications and billing communications.
- Improve the platform using aggregated usage data.
4. Your Data Is Not Sold and Not Used to Train AI
We do not sell, rent, or share your personal data or your study content with third parties for marketing or advertising purposes. Your notes and documents are yours.
We do not train AI models on your content, and the AI providers we use are accessed through commercial APIs whose terms prohibit using API customer data to train their models. Your content is never shared with other users.
5. AI Processing of Your Content
PocketNote's AI features work on the content you upload. When you ask a question or generate a study resource, the relevant parts of your documents are sent to an AI model to produce the answer. All large-language-model requests are routed through OpenRouter, a United States–based AI gateway, which forwards them to the model provider you selected:
- Google — Gemini models.
- OpenAI — GPT models.
- Anthropic — Claude models.
- DeepSeek — open-weight DeepSeek models, served by independent hosting providers (see below).
- xAI — Grok models.
These providers process your content solely to return the requested response. Under the API terms we use, they are prohibited from using your content to train their models.
About DeepSeek models
DeepSeek models are open-weight models that can be run by anyone. When you select a DeepSeek model in PocketNote, your request is never sent to DeepSeek (the company) or to servers in China. We instruct OpenRouter to exclude DeepSeek's own API as a routing destination and to use only independent inference hosts that do not retain or train on request data. You get the model; DeepSeek never gets your data.
Supporting AI services
In addition to the chat models above, we use specialized AI services for specific tasks:
- Jina AI — generates the embeddings that let the assistant search inside your documents.
- Z.ai (GLM-OCR) — extracts text from scanned or image-based PDFs when standard text extraction is not possible.
- Google Cloud Text-to-Speech — turns generated podcast scripts into audio.
6. Connectors
PocketNote lets you optionally connect third-party accounts — Google Drive, Gmail, Google Calendar, Notion, Outlook, Outlook Calendar, OneDrive, and Dropbox — so the assistant can import files or act on your behalf. Connectors are entirely optional and disabled by default: PocketNote works fully without them.
How connectors work:
- You decide what we can access. Each connector is authorized individually through the provider's own consent screen (OAuth), which shows you the exact permissions being granted before you approve them. We request the narrowest scope the feature allows.
- Google Drive: only the files you select. We use Google's limited drive.file permission together with the Google file picker. PocketNote can only access the specific Google Drive files you explicitly select via the picker — we cannot browse, list, or read the rest of your Drive.
- Gmail: send-only. We request only Google's gmail.send permission, used solely to send emails you explicitly compose and confirm. We cannot read, search, or otherwise access your inbox or existing messages.
- Access is used only when you use the feature. We access a connected account only to carry out actions you initiate, such as importing a Drive file you selected or sending an email you asked the assistant to send. We do not continuously sync, scan, or copy your connected accounts in the background.
- Tokens are encrypted. Connector access tokens are stored encrypted at rest with AES-256-GCM.
- You can see and revoke connections at any time. Your connected accounts are listed in Settings → Connectors. Disconnecting a connector immediately and permanently deletes the stored tokens from our systems. For complete revocation, we also recommend removing PocketNote from the provider's own security settings (for example, your Google Account's "Third-party access" page).
- You are responsible for the accounts you connect. Only connect accounts you own or are authorized to use, and review the permissions requested before approving them.
7. Payment Processing
Payments on the web are processed by Stripe; purchases in the iOS app are processed by Apple through the App Store, with subscription state managed by RevenueCat. PocketNote never accesses or stores your credit card details — payment information goes directly to these PCI-compliant processors. You can review Stripe's privacy practices at stripe.com/privacy.
8. Data Security
Security measures in place include:
- HTTPS/TLS encryption for all data in transit.
- Server-side encryption for stored files.
- AES-256-GCM encryption for connector access tokens.
- Salted bcrypt hashing for passwords.
- Per-user isolated storage for notebooks and uploaded materials.
- Rate limiting and abuse protection on authentication endpoints.
No system is 100% secure. If you sign in with Google or Apple, we encourage you to enable two-factor authentication on that account.
9. Data Retention & Account Deletion
Your data is retained while your account is active. You may delete individual notebooks, chats, and uploaded materials at any time from within the platform. Stored files (such as original uploads and generated podcast audio) may additionally be removed from file storage after 90 days as part of routine storage housekeeping; your notes, extracted text, chat history, and generated study materials remain available until you delete them.
You can permanently delete your entire account at any time from Settings → Delete Account, or by emailing hello@pocketnote.app. Deletion takes effect immediately and removes your profile, notebooks, uploaded files, chat history, generated study materials, embeddings, connector tokens, and subscription records from our systems. Account deletion is permanent and irreversible — deleted accounts and their data cannot be recovered, by you or by us. There is no grace period or soft-delete window.
10. Third-Party Services
PocketNote relies on the following service providers (subprocessors), each governed by their own privacy policies:
- OpenRouter (US) — AI gateway routing requests to the model providers listed in Section 5 (Google, OpenAI, Anthropic, xAI, and independent hosts of DeepSeek models).
- Jina AI — document embeddings for in-notebook search.
- Z.ai — OCR text extraction for scanned PDFs.
- Google Cloud — text-to-speech for podcast audio.
- Amazon Web Services (Frankfurt, EU) — file storage, transactional email, and push notifications.
- Stripe — payment processing on the web.
- Apple / RevenueCat — in-app purchases and subscription management on iOS.
- PostHog (EU) — product analytics.
- Google, Apple, Microsoft, Notion, Dropbox — sign-in and the optional connectors described in Section 6.
11. International Data Transfers
Your account data and files are stored in the European Union (AWS Frankfurt), and our analytics are hosted in the EU. When you use AI features, the content needed to answer your request is processed by the AI providers listed in Section 5, some of which operate in the United States. These transfers are made under the providers' data-processing terms, which include appropriate safeguards such as standard contractual clauses.
12. Your Privacy Rights
Depending on where you live (including under the GDPR and CCPA), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your personal data (see Section 9 — you can do this yourself at any time).
- Export your content in a portable format.
- Object to or restrict certain processing.
- Withdraw consent for optional features such as connectors at any time.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, contact us at hello@pocketnote.app. We respond to verified requests within 30 days.
13. Children's Privacy
PocketNote is intended for users aged 14 and older. We do not knowingly collect personal information from children under 14. If you believe a child under 14 has created an account, please contact us immediately and we will delete the account.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will notify you via email or a notice on the platform. Continued use of PocketNote after changes take effect constitutes acceptance of the updated policy.
15. Contact
If you have any questions about this Privacy Policy, please contact us at hello@pocketnote.app.