Privacy Policy

1. Introduction and Scope

This Privacy Policy (“Policy”) governs the collection, processing, storage, transfer, and deletion of personal data by Lion's Notes (“Application,” “Service,” “we,” “us,” or “our”) — a mobile productivity application available on the Apple App Store and Google Play Store, as well as any associated web interfaces.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must immediately discontinue use of the Service.

This Policy applies to the Lion's Notes mobile application (iOS and Android), any web application or landing page operated under the same brand, all interactions with our backend services, authentication systems, and billing infrastructure, and all current and future features of the Service.

2. Information We Collect

Information you provide directly:

• Account registration data — email address, display name, and password processed and stored by Clerk, Inc.
• Authentication identifiers — OAuth tokens and session tokens generated upon sign-in via Apple, Google, or email/password.
• User-generated content — tasks, notes, checklist items, habit entries, habit logs, rich text content, expense session data, and any other content you create within the Service.
• User preferences — theme selections, language preferences, notification preferences, and streak configuration.

Information collected automatically:

• Device information — device model, operating system version, unique device identifiers (where permitted by the OS), and app version.
• Usage data — features accessed, timestamps of interactions, session duration, and in-app events generated in the course of normal application use.
• Push notification tokens — device tokens used to deliver local notifications, if you have granted notification permissions.
• Crash and diagnostic data — error reports and performance metrics collected via Sentry, which may include device info, OS version, app version, error stack traces, and IP address.

What we do NOT collect: payment card numbers, bank account details, precise geolocation, biometric data, Social Security numbers, health data, browsing history outside the Application, or contacts and media from your device unless explicitly uploaded by you.

Guest mode (no account): The App may be used in a limited guest mode without creating an account. In guest mode, all data you create — tasks, habits, and expense entries — is stored exclusively on your device using local storage. This data is not transmitted to our servers. However, crash and diagnostic data may still be collected by Sentry (our error reporting provider) while you use the App in guest mode, as described in the “Information collected automatically” section above. If you subsequently create an account or sign in, you will be offered a one-time option to import your locally stored guest data to your account. This transfer occurs only upon your explicit confirmation. If you choose not to import, or if you delete the App before signing in, your guest data is permanently lost and cannot be recovered by us.

3. Subscription and Payment Data

We do not directly collect, store, or process payment card numbers or any sensitive financial credentials. All billing is handled exclusively through Apple In-App Purchase (iOS) or Google Play Billing (Android). RevenueCat, Inc. processes billing metadata on our behalf, including subscription status, product identifiers, purchase dates, renewal dates, and expiration dates. We receive from RevenueCat only the minimum subscription metadata necessary to provide Pro features. We do not receive full payment details.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area and United Kingdom, we process personal data on the following legal bases under GDPR:

• Account creation, content storage, subscription management — performance of a contract (Art. 6(1)(b) GDPR)
• Push notifications — consent (Art. 6(1)(a) GDPR), which you may withdraw at any time
• Crash diagnostics via Sentry, security and fraud prevention — legitimate interests (Art. 6(1)(f) GDPR)
• Legal compliance — legal obligation (Art. 6(1)(c) GDPR)

5. How We Use Your Information

We use the information collected to: operate, maintain, and provide all features of the Application; authenticate users and manage sessions; verify Pro status and enforce feature access; deliver habit reminders and other notifications you have configured; diagnose bugs and improve the Application; detect and prevent fraud and unauthorized access; comply with applicable laws; and respond to support requests.

We do not sell, rent, trade, or otherwise commercialize your personal data to any third party for their independent marketing or advertising purposes.

6. Third-Party Service Providers

We engage the following sub-processors, each bound by data processing agreements:

• Clerk, Inc. (US) — authentication and identity management. Processes email, display name, hashed passwords, OAuth tokens, session data. Privacy Policy
• Convex, Inc. (US) — backend database and serverless functions. Processes all user-generated content, application state, subscription metadata. Data transfers to the US are covered by Standard Contractual Clauses. Privacy Policy
• RevenueCat, Inc. (US) — subscription management and billing metadata. Privacy Policy
• Sentry, Inc. (US) — crash and error reporting. May collect device info, OS version, app version, error stack traces, and IP address. Data transfers governed by Standard Contractual Clauses. Privacy Policy
• Apple Inc. and Google LLC — app distribution, in-app purchase processing, push notification infrastructure.

Where personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection.

7. Data Retention

• Active account data — retained for the duration of your account plus 30 days following deletion (for accidental deletion recovery).
• User-generated content — deleted upon account deletion request, subject to the 30-day grace period.
• Subscription records — retained for 7 years from the transaction date to comply with financial record-keeping obligations.
• Authentication and security logs — retained for 90 days.
• Anonymized analytics — may be retained indefinitely as they cannot be linked to any individual.

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including encryption of data in transit via TLS 1.2 or higher, access controls limiting data access to authorized systems, and secure authentication via Clerk's enterprise-grade identity infrastructure.

9. Your Rights

Rights for all users: Subject to applicable law and verification of your identity, you have the right to access, correct, delete, and receive a portable copy of your personal data, and to object to certain processing.

EEA/UK users (GDPR): You additionally have the right to restrict processing, withdraw consent at any time without affecting the lawfulness of prior processing, and lodge a complaint with your local data protection supervisory authority.

California residents (CCPA/CPRA): You have the right to know what personal information is collected, used, or shared; to delete personal information subject to exceptions; to correct inaccurate personal information; and to non-discrimination for exercising CCPA rights. We do not sell or share personal information as defined under CCPA/CPRA.

To exercise any of the above rights, contact us at support@lionnotes.online. We will respond within 30 days (or 45 days where permitted by law with notice).

10. Account & Data Deletion

You can delete your account directly from the app: Settings → Danger Zone → Delete Account. All your personal data will be permanently removed within 30 days, subject to legal retention obligations. Alternatively, email support@lionnotes.online with subject “Delete My Account — Lion's Notes”.

What gets deleted: account, all tasks, habits, notes, settings, session history, expense data.
What may be retained: anonymized aggregate statistics; subscription records retained for 7 years as required by law.

11. Children's Privacy

The Service is not directed to children under the age of 13, or under the age of 16 for users in the EEA. We do not knowingly collect personal data from children below these ages. If you believe we may have collected data from a child, please contact us immediately at support@lionnotes.online and we will delete it promptly.

12. Push Notifications

The Service may request permission to send push notifications for habit reminders and other features. You may withdraw this permission at any time through your device's operating system settings. Withdrawal of notification permission does not affect your continued use of the Service.

13. Automated Decision-Making and Profiling

We do not engage in any automated decision-making or profiling activities that produce legal or similarly significant effects on you, as described in Article 22 of the GDPR. All feature access decisions (such as Pro status enforcement) are based solely on verifiable subscription data obtained from Apple App Store or Google Play Billing and are not the result of any automated profiling of your behavior or personal characteristics.

14. Do Not Track

Some browsers and devices transmit “Do Not Track” (DNT) signals. The Service is a native mobile application and does not operate through a browser tracking context. We do not currently respond to DNT signals, and no third-party tracking for behavioral advertising purposes is conducted within the Application. We will update this Policy if our practices change.

15. Sensitive Personal Information (CPRA)

Under the California Privacy Rights Act (CPRA), certain categories of personal information are designated as “sensitive.” We do not collect sensitive personal information as defined under CPRA (including Social Security numbers, financial account details, precise geolocation, health data, biometric data, contents of communications, or racial/ethnic origin) except as described in this Policy. We do not use or disclose sensitive personal information for purposes other than those necessary to provide the Service. You have the right to limit our use of sensitive personal information; however, as we do not use it beyond what is strictly necessary to provide the Service, no opt-out mechanism is required at this time.

16. Language and Governing Version

The Service supports thirteen (13) interface languages for user convenience. This Privacy Policy is provided in English only. The English version constitutes the sole legally binding version of this Policy. Non-English user interfaces do not constitute translations of this Policy and have no legal effect. In the event of any conflict or ambiguity, the English text of this Policy shall prevail in all respects.

17. Changes to This Policy

We reserve the right to modify this Policy at any time at our sole discretion. Changes will be effective upon posting the revised Policy with an updated “Last Updated” date. We may, but are not obligated to, provide notice of material changes through in-app notifications or email. Your continued use of the Service after the effective date of any modification constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you must discontinue use of the Service immediately.

18. Contact

For all privacy-related inquiries, requests, or complaints:
support@lionnotes.online
We aim to respond within 30 days of receipt.