Privacy Policy

• Your notes are yours. Stored on your device. Sent to our backend only when you scan, only to digitise the page.
• We never train AI on your content. We never sell it, advertise on it, or share it with anyone except the AI providers who do the OCR for you.
• We hold your email, your name, and the bare minimum needed to run your account and your subscription.
• The newsletter is opt-in only. We never sign you up automatically.
• You can ask us for everything we have on you, fix it, export it, or delete it. Email us and we will do it.
• We are based in the Netherlands. The GDPR applies. Your data is processed in the EU wherever possible.

These are the things many apps quietly do. We don't.

• We do not train or fine-tune machine-learning models on your notes, your scans, or anything else you create in Slownotes.
• We do not sell your data or your content to anyone.
• We do not share your data with advertisers, brokers, analytics resellers, or "data partners".
• We do not run third-party advertising trackers, fingerprinting, or session-replay scripts.
• We do not read your notes. The processing pipeline is automated; no person at Slownotes opens your scans except in narrow situations you have explicitly asked us to investigate (for example, a support ticket where you ask us to look).

Our AI sub-processors (OpenAI, Anthropic) have their own contractual commitments not to train on data sent through their API. See Sub-processors for the detail.

The data controller for Slownotes is Superintendent BV, a Dutch private limited company (besloten vennootschap) registered in the Netherlands. Email [email protected] for privacy requests or anything else.

We are not yet large enough to be required to appoint a Data Protection Officer under Article 37 GDPR, but the email above is the right point of contact for any data-protection question.

Here is the complete list.

Account data

• Your email address.
• Your display name.
• A hashed version of your password (only if you signed up with email and a password, never the password itself).
• If you signed in with Apple or Google: the provider's stable user ID, so we can recognise you next time.
• The date you created the account, your subscription tier, your timezone, and your preferred date format.
• Whether you accepted the Terms and the date you accepted them.
• Whether you opted in to the newsletter and the date you opted in.

Note content (transient)

• The image of the page you scan, sent to our backend for processing.
• The structured text result, returned to your device.
• The original image is deleted from our servers within 24 hours of processing. The structured text returned to your device is not retained on our servers either. It lives on your device.

Usage and billing

• The number of scans, pages, or tokens you have processed in the current billing period, so we can apply your subscription's quota.
• Your App Store transaction identifiers (received from Apple), so we can verify your subscription and respond to refunds.
• Basic API logs (request time, endpoint, status code, your account ID). Logs older than 30 days are automatically deleted.

Diagnostics

• If something crashes, the app may submit an anonymised crash report to Apple via the standard iOS mechanism. This contains a stack trace and device model, not your notes. You can disable this in Settings → Privacy & Security → Analytics & Improvements on iOS.

Purpose	Data	Legal basis (GDPR)
Run your account	Email, name, password hash, OAuth ID	Contract performance (Art. 6(1)(b))
Process scans into text	Scanned images, text output	Contract performance (Art. 6(1)(b))
Apply your subscription quota	Usage counters, plan tier	Contract performance (Art. 6(1)(b))
Bill and renew subscriptions	App Store transaction IDs	Contract performance (Art. 6(1)(b))
Keep the service secure	Request logs, IP at request time	Legitimate interest (Art. 6(1)(f))
Send the newsletter	Email, opt-in timestamp	Consent (Art. 6(1)(a)), revocable any time
Comply with legal obligations	Account and billing records	Legal obligation (Art. 6(1)(c))

We do not rely on "legitimate interest" to do anything you would not reasonably expect, like marketing or analytics profiling.

To run Slownotes we use a small number of carefully chosen vendors. Each one only sees the slice of data needed for its job.

Vendor	What it does	Data shared
OpenAI	OCR and structuring of scanned pages	Scanned image, intermediate text. Sent through their API; covered by their no-training commitment.
Anthropic (Claude)	Some structuring and enrichment steps	Text content of the scan. Sent through their API; covered by their no-training commitment.
Apple (App Store, Sign in with Apple)	Authentication, billing, push notifications	Account email, transaction IDs.
Google (Sign in with Google)	Authentication, only if you choose to sign in with Google	OAuth ID token, account email.
Hetzner (Falkenstein, Germany)	Hosts our backend and database	All backend data, encrypted at rest.
MailerSend	Sends transactional email (account verification, password reset, receipts)	Your email address, your name, the message body.
MailerLite	Sends the optional newsletter, only if you opted in	Your email address, your name, the message body.

If you connect Slownotes to a third-party service yourself, for example Notion or Obsidian, the data you push to them is governed by that service's own privacy policy, not ours.

This list is current as of the date at the top of this page. We will update it when we add or remove a vendor.

The Slownotes backend, including your account record and any in-flight scan, lives on servers in Falkenstein, Germany (Hetzner). Your account data never leaves the EU on our infrastructure.

The notes themselves live on your iPhone or iPad, in the app's private storage and (if you have iCloud Drive enabled for Slownotes) in your personal iCloud account. Apple's iCloud uses end-to-end encryption for many data types. See Apple's overview.

OpenAI, Anthropic, Apple, and Google process certain requests outside the EU. We rely on the European Commission's Standard Contractual Clauses and, where available, EU-region endpoints to keep transfers compliant with GDPR Chapter V.

Data	Retention
Account record	Until you delete your account, then up to 30 days for deletion to propagate.
Scanned image (on our servers)	Up to 24 hours after processing, then permanently deleted.
Structured text output	Returned to your device, not retained on our servers.
API request logs	30 days, then automatically deleted.
Billing records	7 years (Dutch tax-law obligation, Art. 52 AWR).
Newsletter subscription	Until you unsubscribe.

The Slownotes newsletter is opt-in. We will only email you if you ticked the newsletter box during onboarding or signed up later. The checkbox is never pre-ticked, and it is not bundled with the Terms of Service.

The newsletter contains tips for using Slownotes, announcements about new features, and updates on integrations. No third-party offers, no affiliate links, no marketing content from anyone but us.

You can unsubscribe at any time using the link at the bottom of every email, or by emailing us at [email protected]. Unsubscribing is processed immediately.

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Correct data that is wrong or out of date.
• Delete your account and the data attached to it.
• Port your data to another service in a machine-readable format.
• Object to processing based on legitimate interest.
• Withdraw consent for the newsletter or any other consent-based processing.

To exercise any of these rights, or if you have any worry, doubt, or question about how we handle your data, email [email protected] with the subject line "Privacy request". We will action it within 30 days, usually within a week.

You also have the right to lodge a complaint with the Dutch Autoriteit Persoonsgegevens, though we hope you will give us a chance to put things right first.

Slownotes requires users to be at least 13 years old, and we do not knowingly collect data from anyone younger. Users under 16 in the EU require parental consent.

If you are a parent or guardian and you believe your child signed up without your consent, email [email protected] and we will delete the account.

We protect your data with the standard set of measures you would expect from a small modern app:

• All traffic between your device and our backend is encrypted with TLS 1.3.
• Passwords are hashed with bcrypt; we never see them in plain text.
• Our database is encrypted at rest.
• Access to production systems is limited to the developers and uses hardware security keys (WebAuthn).
• API tokens are stored in your iPhone's Keychain.

If you discover a security issue, please email [email protected] with the subject line "Security" so we can prioritise it.

If we change anything material in this policy, for example adding a new sub-processor or expanding what data we collect, we will update the date at the top, bump the version number, and notify you in the app and by email if you are subscribed. The current version always lives at slownotes.app/privacy. Every published version is also kept at a permalinked URL: this is version 1.1 (slownotes.app/privacy/v1.1). The previous version 1.0 remains available at slownotes.app/privacy/v1.0.

For anything privacy-related: [email protected]. We aim to respond within two working days.