Last updated: April 30, 2026

Privacy policy.

Noot is local-first. Almost everything you create — your conversations, patterns, nodes, and commitments — stays on your phone. We send as little as possible to our servers, and we keep as little as possible for as little time as possible. Here's the detail.

What stays on your phone

Every note, pattern, graph node, edge, commitment, and paired Knot lives in an encrypted Core Data store inside the Noot app sandbox on your iPhone. When you delete the app, iOS wipes that store — there is no cloud backup of it unless you explicitly opt in to Premium's CloudKit sync (coming in a later update, and covered separately below).

What we send to our servers

When you have a conversation with Noot, your messages are sent to our Noot-operated API proxy, which forwards them to Anthropic's Claude model for the response. The entire transcript is held in memory on our proxy only for the duration of the conversation (up to 20 minutes), then deleted. We do not write conversation content to any database. Ever.

What we do persist, in a table called api_usage:

  • Your device's anonymous UUID (generated on first launch)
  • The model used (Sonnet or Haiku)
  • Token counts and a calculated dollar cost
  • A timestamp

We use these rows to enforce per-device rate limits and cost caps, and to notice abuse. No message content, no extractions, nothing that could identify you personally.

What we never collect

  • Your name, phone number, or address
  • Your location (Noot has no location permissions)
  • Your contacts, photos, microphone (unless actively recording), or calendar
  • Your conversation content, pattern data, or graph data — these stay 100% on your device, always
  • Analytics events tied to identifiable you — no PostHog, no Amplitude, no Mixpanel on the free tier
  • Any crash reports tied to identifiable you — Sentry runs anonymized

Note on email: If you choose to participate in the referral program or receive updates, your email address is collected and stored in our cloud database (Supabase). See the next section for details. Email is never linked to your conversation data, pattern data, or graph data — those stay entirely on your phone.

Email & referral program

Email collection is entirely optional. We only ask for your email if you want to participate in the referral program or receive product updates.

If you provide your email, here's what happens:

  • Your email is stored in Supabase (our cloud database), linked to your anonymous device UUID
  • We use your email for: referral code generation, email verification, reward notifications, and marketing communications (if you opted in)
  • Your email is never linked to your conversation data, pattern data, or graph data — those stay 100% on your device
  • We never sell or share your email address with third parties

If you participate in the referral program, Shopify discount codes may be generated on your behalf for Knot purchases. These codes are tied to your referral activity, not to your on-device data.

You can opt out of marketing emails at any time. You can also request full deletion of your email and referral data by contacting help@harbegold.com.

Voice input

If you tap the mic button during a conversation, we use Apple's on-device Speech framework. Audio never leaves your phone. The resulting text is treated the same as anything you type — sent to the Noot API proxy for the Claude response, then dropped from our servers at session end.

HealthKit (Premium only)

If you turn on the optional HealthKit integration, Noot reads HRV, sleep, and step data from your phone to enrich pattern detection. This data is read-only and never leaves your device. Noot never writes to HealthKit. You can revoke access at any time in iOS Settings → Health.

CloudKit sync (Premium only)

If you turn on Cloud Backup in Premium, a copy of your Core Data store is synced to your personal iCloud account via CloudKit. This copy is end-to-end encrypted by Apple — Noot cannot read it, decrypt it, or access it in any way. It's available only to devices signed in to your Apple ID.

Anthropic's role

Our API proxy sends your message text to Anthropic (Claude) exactly once per turn, over TLS. Per Anthropic's privacy policy, API calls from Noot are not used to train their models. Anthropic may hold transcripts briefly for abuse detection; they're not made available to Noot.

Export and delete

In the app: Profile → Export my data gives you a JSON file with everything Noot has on your device. Delete all my data wipes every note, pattern, node, and paired Knot on the device. The only thing that lingers is your device UUID in the api_usage rate-limit table on our server, which is not tied to any personal information and ages out over 90 days.

Children

Noot is not for users under 13. We do not knowingly collect information from children.

Contact

Questions, requests, or concerns: help@harbegold.com. Noot is a product of Harbegold LLC.