This Privacy Policy explains what information PenDate Notes ("the App") collects and processes, how that information is used, how it is protected, and the choices available to you. This policy applies to the PenDate Notes application available on Google Play and other platforms.
At a Glance
- PenDate Notes is an offline-first note-taking app. All core features work without an internet connection or an account.
- Cloud sync via Google Drive is entirely optional and only activates when you choose to link your Google account.
- The App does not contain advertising SDKs, analytics SDKs, or crash-reporting SDKs.
- We do not sell, rent, or trade your personal information to third parties.
- On-device handwriting recognition runs locally on your device and does not send your writing to any server.
1. Information the App Processes
1.1 Content You Create
PenDate Notes stores the content you create or import, including:
- Text notes, rich text notes, and note titles
- Handwritten drawings, canvas strokes, and canvas page data
- Checklists and checklist items
- Photos captured with your camera and audio recordings you create within the App
- Files you import (such as PDFs) and files you export or share
- Reminder and scheduling information
- Tags, folders, and organizational metadata
- App settings and preferences (theme, language, calendar options)
By default, all of this information is stored only on your device in a local database.
1.2 Google Account Information (Optional Cloud Sync)
If you choose to link your Google account for cloud sync, the App uses Google OAuth 2.0 to request the following permissions (scopes):
| Google API Scope | What It Accesses | Why It Is Needed |
|---|
drive.file |
Files the App creates or opens in your Google Drive |
Upload and download your synced notes |
drive.appdata |
A hidden app-specific folder in your Google Drive |
Store sync metadata (manifests, conflict snapshots) that you do not need to manage directly |
openid, profile, email |
Your Google account ID, display name, and email address |
Identify your linked account and display it in the App's Settings screen |
The App accesses only files it creates in your Google Drive. It does not read, modify, or delete other files in your Drive.
When you link Google Drive, the App receives and stores locally on your device:
- Your Google account ID, display name, and email address
- OAuth access and refresh tokens
This Google user data is used solely to provide the cloud sync feature. It is not transferred to any third party, used for advertising, used to determine creditworthiness, or used for any purpose unrelated to the sync functionality described in this policy.
1.3 Cloud Sync Data
When cloud sync is enabled, the App uploads note data and sync metadata to a folder named "CalendarNotes" in your Google Drive. This includes:
- Individual note files (JSON format) containing note content, metadata, and drawing data
- Sync manifests and conflict-resolution snapshots
- Database snapshots used for full-device sync
All data transmitted between your device and Google Drive is sent over HTTPS (TLS-encrypted connections).
1.4 On-Device Processing
PenDate Notes includes optional handwriting recognition and text recognition features powered by Google ML Kit. These features run entirely on your device. No handwriting data, canvas strokes, or recognized text is sent to any external server. Language models for recognition are either bundled with the App or downloaded once to your device for local use.
1.5 Public Holiday Data
The App can optionally display public holidays on your calendar. To provide this feature, the App sends your selected country code and calendar year to the Nager.Date public holiday API (date.nager.at). No personal information, account data, or note content is sent in this request.
2. How We Use Information
PenDate Notes uses the information it processes only to provide, maintain, and improve App features:
- Storing and organizing your notes, drawings, and checklists on your device
- Syncing your notes to and from your Google Drive when you enable cloud sync
- Displaying your linked Google account name and email in Settings
- Exporting, sharing, and importing note content when you initiate those actions
- Scheduling and delivering reminder notifications
- Recognizing handwriting on-device when you use that feature
- Displaying public holidays on the calendar
- Saving and applying your preferences (theme, language, time format, calendar start day)
We do not use your data for advertising, profiling, or behavior tracking.
3. When Information Is Shared
PenDate Notes shares information only in the following circumstances:
- Google Drive sync — If you choose to link Google Drive, your note data and sync metadata are transmitted to Google Drive to provide sync functionality. This transfer is governed by Google's Privacy Policy.
- System sharing and export — When you use the share or export features, the App passes the content you selected to the system share sheet or file picker. The receiving app is determined by your choice.
- Holiday data request — The App sends a country code and year to Nager.Date to retrieve public holidays. No personal data is included.
- Legal requirements — Information may be disclosed if required to comply with applicable law, regulation, or legal process.
We do not sell, rent, or trade your personal information. We do not transfer Google user data to advertising platforms, data brokers, or information resellers.
4. Data Security
PenDate Notes implements the following measures to protect your data:
- Encrypted token storage — Google OAuth tokens are stored using Android's EncryptedSharedPreferences (AES-256 encryption) and iOS Keychain, provided by the
flutter_secure_storage library.
- Secure transport — All communication with Google Drive and other network services uses HTTPS (TLS-encrypted connections). The App does not transmit data over unencrypted channels.
- Local-first storage — Note content is stored in a local SQLite database on your device. No remote server managed by the developer holds your note data.
- No third-party tracking — The App does not include advertising SDKs, analytics trackers, or crash-reporting services that would transmit data to third parties.
- On-device AI processing — Handwriting and text recognition run locally and never send your content to an external server.
5. Data Storage and Retention
Local Data
Notes, settings, and all other app data remain on your device until you delete them, clear the App's data, or uninstall the App. Deleted notes are moved to a Recycle Bin within the App and can be permanently removed from there.
Google Drive Sync Data
If you enable cloud sync, copies of your synced notes are stored in your Google Drive account. This data remains in your Google Drive until you delete it from Drive.
Unlinking your Google account in the App removes the local session data (tokens and account information) and stops future syncing, but it does not automatically delete files already stored in your Google Drive. You can delete those files directly from Google Drive at any time.
Google OAuth Tokens
When you unlink your Google account, the App deletes the locally stored OAuth tokens from encrypted storage. You can also revoke the App's access to your Google account at any time through your Google Account permissions page.
6. Your Choices and Controls
You have full control over your data:
- Use offline only — Use the App without linking any cloud account. No internet connection is required for core note-taking features.
- Enable or disable cloud sync — Link or unlink Google Drive at any time in Settings.
- Delete notes — Delete individual notes or clear all notes from within the App.
- Delete synced data — Delete synced files directly from your Google Drive account.
- Revoke Google access — Remove the App's access to your Google account at myaccount.google.com/permissions.
- Clear app data or uninstall — Clear the App's local storage or uninstall it to remove all locally stored data.
- Manage permissions — Grant or revoke device permissions (camera, microphone, notifications, storage) through your device's Settings at any time.
7. Device Permissions
PenDate Notes may request the following device permissions. Each permission is requested only when you use the feature that requires it:
Internet & Network State
Required for optional Google Drive cloud sync and public holiday data retrieval.
Camera
Used when you choose to take a photo to insert into a rich text note. Not required for basic note-taking.
Microphone
Used when you choose to record an audio clip to embed in a rich text note. Not required for basic note-taking.
Notifications & Alarms
Used to deliver reminder notifications at the date and time you schedule. Includes exact alarm and boot-completed permissions to ensure reminders persist.
Vibration & Wake Lock
Used to alert you when a scheduled reminder fires.
Storage / File Access
Used when you import files (such as PDFs), export notes, or save shared content. On Android 10+, the App uses scoped storage and the system file picker (SAF).
All permissions are optional. The App's core offline note-taking features work without granting any of these permissions except notifications (for reminders).
8. Google API Services — Limited Use Disclosure
PenDate Notes' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- The App uses Google user data only to provide the cloud sync and account display features described in this policy.
- The App does not transfer Google user data to third parties except as necessary to provide the sync feature (i.e., communicating with Google Drive APIs), for security purposes, or to comply with applicable law.
- The App does not use Google user data for serving advertisements, retargeting, or interest-based advertising.
- The App does not allow humans to read your Google user data unless you provide affirmative consent, it is necessary for security or legal compliance, or the data is aggregated and anonymized for internal operations.
9. Children's Privacy
PenDate Notes is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided personal information through the App, please contact us so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the App's features or applicable legal requirements. The updated version will be posted at this page with a revised "Last updated" date. We encourage you to review this policy periodically.