Crystal Note Privacy Policy

  • Home
  • Crystal Note Privacy Policy

Last Updated: 5 January 2026

1. Introduction

Crystal Note (“we,” “our,” or “us”) is a privacy-first application. We do not require user accounts, we do not sell your data, and your audio is processed only to generate notes. We believe in transparency regarding the limited data used to improve our service and measure our growth.

2. Data We Collect and How We Use It

2.1 Audio Recordings

  • Permission: We request microphone access (NSMicrophoneUsageDescription) so you can record voice notes.
  • Processing: Audio is recorded and stored locally on your device. When you request a transcription, the audio file is securely uploaded to our server (Firebase Cloud Functions) and forwarded to our AI provider (OpenAI) for processing.
  • Retention: Audio sent for transcription is not stored permanently. It is deleted as soon as processing is complete (typically within minutes).

2.2 Transcribed Text

  • Storage: Transcribed notes are stored locally on your device (AsyncStorage).
  • Cloud Storage: We do not store your transcribed notes on our servers.
  • Sync: There is no cloud sync or user account system at this time.

2.3 Background Processing

We use background modes (UIBackgroundModes) to allow recordings to continue when your screen is locked or you switch apps.

2.4 Photo Library Access

  • Permission: We request permission to add photos to your library (NSPhotoLibraryAddUsageDescription).
  • Usage: This access is used strictly to save images of your notes that you explicitly choose to export.
  • Privacy: We do not access, view, scan, or upload your existing photos. This permission is “write-only” for saving your exports.

2.5 Usage Data, Diagnostics, and Attribution

We collect usage and diagnostics data to understand app performance and improve features (for example: app opens, feature usage, crashes). This data is generally pseudonymous and may include device or app identifiers.

Please note: Under Apple’s definitions, some identifiers may be classified as “linked to you,” and ad measurement may be classified as “tracking,” even if we do not collect your name or email address.

3. Third-Party Services

We use trusted providers to deliver core app functionality and measure our growth. Your data is handled according to their respective policies.

  • OpenAI: Audio-to-text transcription and text formatting. Data is processed to provide the service and handled according to OpenAI’s policies.
  • Google Firebase: Secure server-side processing and Firebase Analytics. Analytics/diagnostics help us monitor performance, stability, and usage trends, and may involve device/app identifiers.
  • RevenueCat: Manages premium subscriptions using an app-specific App User ID to verify subscription status without requiring an account.

Advertising and Attribution (Meta and TikTok)

We use Meta (Facebook) and TikTok SDKs to measure the effectiveness of our advertising campaigns.

  • App Tracking Transparency (iOS): We will ask for your permission to track your activity across other companies’ apps and websites.
  • If you decline: We use Apple’s SKAdNetwork to receive aggregated, anonymous attribution data (for example: installs from a campaign) without identifying you personally.
  • If you accept: We may collect your device’s advertising identifier (IDFA) and related signals to link your install and in-app events (such as starting a trial) to advertising campaigns. This helps us measure and improve marketing performance.

4. User Accounts and Identifiers

  • No Account Required: You can use Crystal Note without creating an account.
  • App-Specific Identifier: We generate an app-specific identifier on your device to manage subscription status and analytics. This identifier does not include your name or email, but may be considered “linked” under certain platform definitions.

5. Security

We use standard security measures such as HTTPS/TLS encryption for data in transit and restrict access to processing systems used to deliver the service.

6. International Transfers

Our service providers may process data on servers located outside your country/region. Where applicable, providers use safeguards to protect data in accordance with their policies and applicable laws.

7. Data Deletion

You have control over your data:

  • Delete Individual Notes: Remove any note directly in the app.
  • Delete All Data: Use the “Delete All Data” option in Settings to erase locally stored notes and reset the app.
  • Analytics / Attribution: Deleting the app removes local data and resets our app-specific identifier. Some third-party providers may still receive limited device-level signals under their own policies.

8. Children’s Privacy

Crystal Note is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Your Rights (GDPR / Similar Regions)

If you are located in the EU/EEA or another region with data protection laws, you may have rights to access, correct, or delete your personal data.

Because Crystal Note does not maintain user accounts or store personal data (like names or emails) on its servers, these rights are primarily exercised by managing or deleting data stored on your device. For ad-related data handled by Meta or TikTok, you can manage preferences within their respective platform settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version and update the “Last Updated” date above.

11. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us at:
Email: yeap@yeapdigital.co.uk