Privacy Policy

OrbNote takes user privacy seriously. This Privacy Policy explains how we handle information when you use OrbNote and its AI features.

Our core boundary is simple: regular note data continues to be local-first with private iCloud sync, while requests only pass through OrbNote's AI service chain when you actively use an AI feature.

Regular notes, threads, attachments, and related core data in OrbNote follow a local-first architecture by default and sync through your own iCloud / CloudKit environment.

For this regular note data, we do not run a backend database for storing user content, and we do not offer a hosted cloud account system for managing that content on your behalf.

When you actively use AI Save or another AI feature, the app sends the content you submit to OrbNote's AI service in order to generate a save suggestion or return a result.

That content may include text you typed, images or attachment summaries you intentionally included, and the limited context needed to determine which group or thread it should be saved into.

OrbNote's AI service uses a stateless serverless gateway for authentication, rate limiting, service routing, and result forwarding. It is not a user content database.

We do not persist the content you send to AI in our own database, and we do not record plaintext content in routine service logs. Redis is used only for rate limiting and service stability, and stores only de-identified technical identifiers and counters, not note content, prompt text, image content, or attachment body text.

To provide AI features, we forward relevant requests to commercial AI service providers with strict privacy commitments.

According to their public policies, API request content is not used to train general models. We also prefer service modes that do not retain content or retain only the short-term safety data necessary to operate the service.

To support authentication, rate limiting, service stability, and troubleshooting, we may process necessary technical information such as anonymous installation identifiers, request IDs, app version, region information, error codes, latency, and token usage.

This technical information is used only to operate and diagnose the service. It is not used for ad targeting and is not part of any user content storage system.

Other than the processing required to provide AI features, we do not sell your data to advertisers and we do not share your content for ad targeting.

For regular notes, we do not build a backend content repository for operating on or searching user content.

Regular note content is primarily protected by your device security, iCloud / CloudKit security mechanisms, and the Apple security settings you enable.

AI requests are protected in transit through network security protocols, while regular notes and syncing continue to rely on Apple's privacy and security stack.

AI features are only triggered by you. You can choose not to use them, and regular notes will continue to work through the local-first and iCloud sync model.

Because your regular notes are primarily stored on your devices and in iCloud, you remain in control of that data.

If you have any questions about this Privacy Policy, please contact us through the in-app feedback feature or by emailing galen_kwok@icloud.com.