Privacy Policy
Last updated: March 31, 2026
loose-leaf is built with privacy at its core. Your notes are end-to-end encrypted and stored locally on your device. The server cannot read your content. This policy explains what data we process, why, and on what legal basis.
1. Controller
[FULL NAME]
[STREET AND NUMBER]
[ZIP CITY]
Germany
Email: [YOUR@EMAIL]
2. What data we collect
2.1 Account identity
When you first open loose-leaf, a cryptographic key pair (Ed25519) is generated locally on your device. The public key (Owner ID) is sent to our server to authenticate sync requests. We do not collect your name, username, or any other identifying information.
2.2 Email (optional)
You may optionally register an email address for account recovery, promo code redemption, and billing notifications. We verify your email with a one-time code that expires after 15 minutes.
2.3 Sync data
If you use multi-device sync, your notes are end-to-end encrypted on your device before being transmitted. The relay server stores only encrypted blobs it cannot decrypt. Free accounts are limited to 50 MB of sync data, retained for up to 60 days after the last sync.
2.4 Media files
On paid plans, media files (images, videos, documents) are uploaded to encrypted storage. Files are associated with your Owner ID but are not end-to-end encrypted at the storage level.
2.5 Purchase data
If you subscribe to a paid plan, purchase records are managed by Apple through the App Store. We store your subscription status, tier, and expiry date. We do not store payment card details.
3. Why we process your data
| Purpose | Data | Legal basis |
|---|---|---|
| Provide the app and sync | Owner ID, encrypted notes | Contract performance (Art. 6(1)(b) GDPR) |
| Email verification and recovery | Email address | Consent (Art. 6(1)(a) GDPR) |
| Subscription and billing | Email, subscription status | Contract performance (Art. 6(1)(b) GDPR) |
| Media storage | Uploaded files | Contract performance (Art. 6(1)(b) GDPR) |
| Account inactivity cleanup | Last-active timestamp | Legitimate interest (Art. 6(1)(f) GDPR) |
4. Who we share data with
We use the following categories of service providers:
- Hosting providers (EU and USA) — for running the sync relay and application servers
- Cloud storage (Cloudflare) — for media file storage and delivery
- Apple — as merchant of record for in-app purchases
- RevenueCat — for subscription status management on iOS
Where data is transferred to the USA, transfers are safeguarded under the EU-U.S. Data Privacy Framework or EU Standard Contractual Clauses (SCCs). Our sync relay and email servers run on dedicated virtual servers managed by us.
We do not sell, rent, or share your data with advertisers or data brokers.
5. Data retention
- Sync data (free): Up to 60 days after the last sync
- Sync data (annual plan): Up to 365 days after the last sync
- Media files: Retained while subscription is active, plus 14-day grace period
- Email verification codes: 15 minutes
- Account records: Deleted 7 days after inactivity warning (free tier, 60 days inactive)
- Paid accounts: Retained as long as subscription is active
6. Your rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data (Art. 17) — you can reset your account in the app at any time
- Restrict processing (Art. 18)
- Data portability (Art. 20) — your notes are stored locally and can be exported
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time for email processing (Art. 7(3))
To exercise these rights, contact us at [YOUR@EMAIL].
7. Right to complain
You have the right to lodge a complaint with a supervisory authority. The competent authority for the controller is the data protection authority of [BUNDESLAND], Germany.
8. Cookies and local storage
loose-leaf does not use tracking cookies, analytics, or third-party scripts. We use browser localStorage for essential app functionality:
- Onboarding state
- User preferences (theme, settings)
- Database encryption keys (never transmitted)
These are essential for the app to function and do not require consent under the TDDDG.
9. Changes to this policy
We may update this privacy policy from time to time. The latest version is always available at this URL. Material changes will be communicated through the app.