— Legal · Privacy Policy

Privacy Policy

Effective: April 1, 2024  ·  Last updated: April 27, 2026

Introduction

Welcome to Notella! This Privacy Policy describes how we collect, use, and share your personal information when you use our iOS and web application (“Notella”, also known publicly as “Notella: AI Note-taker”, “Notella AI Notes”, or any related phrase).

Who we are

Notella is owned and operated by Pixelpuff Pvt Limited, a United Kingdom–registered private limited company. We are a small, independent company dedicated to providing an efficient and reliable AI-powered note-taking experience.

Where your data lives

Your notes, transcripts, and audio are stored in the United States on Supabase (hosted on AWS us-east-1). If you're an EU user, your data leaves the EU. We'll disclose clearly if we change regions.

Your rights under GDPR

If you're in the EU or UK, you have the following rights under GDPR (Article 13 and Articles 15–22):

  • Access: Ask for a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Delete your account from settings — your data is removed immediately. You can also email us if the in-app option is unavailable.
  • Restriction: Ask us to pause processing of your data while a dispute is resolved.
  • Portability: Export your transcripts and notes in a readable format. The in-app export covers this; email us for anything else.
  • Objection: Object to specific uses of your data, including any analytics processing.

To exercise any of these rights, email contactus@notella.app. We respond within the GDPR-mandated 30 days, usually faster.

What happens to your recordings

When you record a lecture, the audio is saved on your device first, then uploaded over an encrypted connection to our US storage. To generate a transcript, the audio is sent to Groq, which processes it with their Whisper implementation (whisper-large-v3-turbo) and does not retain the content. The resulting transcript is then sent through OpenRouter (which routes to OpenAI's gpt-4o-mini by default) to generate your summary, flashcards, and quiz. OpenAI does not train on this data and retains it for up to 30 days for abuse monitoring under their standard API terms. Only you can see your notes; Notella staff do not read your recordings, and database access is limited to authorized personnel for debugging and support (and is logged).

Semantic search

When you search across your notes, your search query is sent to OpenAI's embeddings API directly (to turn your query into a vector for matching). Same 30-day retention, no training. If you'd rather not send your search queries to a third party, keyword search still works fully locally.

What Notella is NOT for

Notella is a study tool for lectures, seminars, and personal content. It is not HIPAA-compliant and must not be used to record patient encounters, clinical rotations, therapy sessions, or any protected health information. If you are a medical, nursing, pharmacy, or other clinical student, use Notella only for non-clinical content like didactic lectures and textbook chapters.

What you control

Delete any note at any time — its transcript, summary, flashcards, quiz, and audio are removed immediately. Export your notes as text or PDF whenever you want. You can delete your entire account from settings; deletion is immediate and permanent — we don't keep a backup copy and we can't recover your data if you change your mind, so we'll ask you to type DELETE to confirm. No grace period. No dark patterns.

About third-party copies: While Notella's own copy of your data is removed the moment you confirm deletion, third-party processors that briefly held copies during processing follow their own retention windows. Groq (used for audio transcription) does not retain audio. OpenAI / OpenRouter (used for generating summaries, flashcards, and quizzes) retain prompts and outputs for up to 30 days for abuse monitoring, then delete them. We have no way to expedite deletion from those vendor pipelines beyond their stated windows.

Other vendors we use for app operations

In addition to the AI vendors listed above, we use the following third-party services to run the business. These vendors handle payments, analytics, and subscriptions — they do not receive your recordings, transcripts, or note content:

Data security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your rights

Data deletion

You can request to have your information deleted entirely from our systems at any time. To request deletion of your data, please contact us at the email address below. We will process your request within 30 days.

Data access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a portable format within 30 days of your request.

Data correction

If you believe any information we hold about you is inaccurate or incomplete, you can request that we correct or update it.

Opt-out

You may opt out of analytics tracking through your device settings (iOS: Settings → Privacy → Tracking) or by contacting us directly.

Access to personal information

We may transfer your personal information (including personal data) to an affiliate, a subsidiary, or a third party in the event of any reorganization, merger, acquisition or sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock, including, without limitation, in connection with any bankruptcy or similar proceeding.

In such cases, we will ensure that the receiving party agrees to protect your personal information in accordance with this Privacy Policy or provide you with notice and an opportunity to opt out of the transfer.

International data transfers

As we operate globally and use third-party services that may be located in different countries, your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

Children's privacy

Notella is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

Updates to our privacy policy

We may update this Privacy Policy at any time by posting the updated version with a new “Last updated” date at the top of this page. We will notify you of any material changes by:

  • Updating the “Last Updated” date
  • Sending an email notification to your registered email address
  • Displaying an in-app notification

Your continued use of the Notella website, application, products, and/or services after any updates to this Privacy Policy will constitute your acceptance of the updated Privacy Policy. If you do not agree with the changes, please discontinue using our services.

Contact us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days and work with you to address any concerns you may have about your privacy.

Thank you for using Notella.

We appreciate your trust and are committed to protecting your privacy.