- NO'TA is a social platform. Some features are intentionally public, including public posts, comments, public-context conversations, place reviews, and any reflections or journeys you choose to make public.
- NO'TA does not require a phone number for standard sign-up, but it does process account, profile, content, security, device, age-gate, and usage data to run the Services.
- If you enable real-name visibility or post with your real name, that information can become visible to other users on the relevant surfaces.
- Private profiles, private reflections, and private journeys reduce visibility, but they do not mean NO'TA operators can never access information. Authorized moderators, support staff, and operators may access relevant data for safety, security, legal compliance, platform integrity, and operational support.
- If you delete your account, NO'TA currently uses a 30-day recovery window before permanent purge, then retains only limited archival data where necessary for legal, security, or audit purposes.
- NO'TA is still in a pre-launch or limited-release phase. Some features described here may be invite-gated, disabled, or available only in certain builds, regions, or test groups.
1. Scope and Applicability
This Privacy Policy applies to personal information processed through:
- the NO'TA mobile applications and Flutter web surface;
- the separate NO'TA web app and public pages under the NO'TA domain;
- waitlist, invite, help, support, and account management flows;
- notifications, moderation, safety, advertising, anti-abuse, and reputation systems; and
- operator, support, and trust-and-safety workflows that relate to user accounts, reports, devices, or content.
This Policy does not apply to third-party websites, apps, communities, ad networks, app stores, or services that have their own privacy policies, even if they are linked from NO'TA or integrated into NO'TA.
2. Information We Collect
We collect information you provide directly, information collected automatically when you use the Services, information generated through social and moderation activity, and information received from service providers or third-party integrations.
| Category | Examples Relevant to NO'TA |
|---|---|
| Account and identifier data | Email address, username, user ID, login credentials handled by Supabase Auth, Apple Sign-In or Google Sign-In identifiers, passkey credential metadata, two-factor authentication factor metadata, invite codes, waitlist email, support contact details, device ID, session identifiers, push subscription identifiers, CAPTCHA verification signals, and app instance identifiers. |
| Profile and preference data | Avatar, banner, bio, website, first and last name if you provide them, privacy settings, real-name visibility settings, language preferences, nationality, residence, education, occupation, Arabic level, spoken languages, commercial or platform status, and date-of-birth components. |
| User-generated content | Posts, comments, polls, fill-in-the-blank answers, community rules or edits, public-context conversations and conversation messages, quoted passages or media regions, reflections, journals, journeys, journey entries, library notes, place submissions, place reviews, offers, shared links, uploaded images, uploaded videos, and support or safety messages you send to us. |
| Social graph and participation data | Follows, blocks, bookmarks, library saves, votes, community memberships, report submissions, report outcomes, reputation score inputs, warnings, bans, shadowbans, conversation mute/archive states, moderation notes, and notification history. |
| Location and place data | Precise device location if you grant permission and use a location feature, place names, Google Places IDs, addresses, latitude/longitude, approximate location inferred from login IP or request headers, and optional location/weather metadata added to reflections. |
| Device, log, and security data | IP address, user-agent, platform, operating system, app version, crash reports, login event records, notification delivery and token data, connectivity state, underage signup attempt records, device blocklist signals, rate-limit counters, upload metadata, moderation quota signals, and security or abuse signals. |
| Usage and product telemetry | App opens, session duration, views, searches, shares, feature usage, onboarding progress, permissions granted, load time, profile views, announcement views, ad-consent or privacy-options status, and smart metrics used for reputation and product health. |
| Local device storage | Search history stored locally on your device, cached content, offline reflection and shared-link queues, language settings on web pages, theme and display preferences, and iOS share extension session data stored in an operating-system app group. |
| Advertising and commercial data | Sponsored post interactions, ad request and response data, ad frequency state, offer interactions, consent status, and mobile advertising identifiers if advertising is enabled in your build or region. |
2.1 Information you provide directly
- Registration and account setup. When you create an account, we collect your email address, password, username, date of birth, invite metadata, and any optional first/last name or profile details you provide. If you use passkeys, two-factor authentication, Apple Sign-In, Google Sign-In, or similar sign-in options, we also process the authentication metadata needed to run those features.
- Profile and identity choices. NO'TA lets you choose between username-based identity and, in some cases, real-name display. If you provide real-name data and enable those settings, we process those choices and display the information accordingly.
- Content and communications. We collect the content, metadata, attachments, and context you choose to submit, including drafts or pending offline content saved locally until sync.
- Waitlist, invite, and support flows. We collect the email address and any message or metadata you submit through waitlist forms, invite issuance flows, bug reports, safety reports, or support requests.
2.2 Information collected automatically
- Security and login telemetry. When you log in, sign up, fail an age gate, pass a CAPTCHA, or trigger a rate limit, we may record your IP address, user-agent, app source, device and abuse signals, and approximate location derived from request headers or a geo-IP service.
- App and product telemetry. NO'TA records app opens, session duration, search counts, view counts, shares, permissions granted, and other feature-use metrics.
- Notifications. If you enable push notifications, we collect device token or push subscription data and delivery events.
- Diagnostics. We use crash and diagnostics tooling to help us detect, investigate, and fix technical issues.
- Media and upload metadata. When you upload images, videos, avatars, banners, or journey media, we process file metadata and delivery records needed to store, serve, moderate, and secure that media.
- Browser and local storage. Our web surfaces may use cookies, local storage, session storage, or equivalent technologies for language preferences, session persistence, security, and similar purposes.
2.3 Information from third parties and other users
- Authentication partners. If you sign in with Apple or Google, we receive the profile and authentication information made available by that provider.
- Maps and place providers. If you use maps, nearby places, or place search features, we receive location and place data from Google Maps or Google Places services.
- Translation providers. If you ask NO'TA to translate text, the text you selected for translation may be sent to DeepL or a replacement translation provider.
- Safety, infrastructure, and CAPTCHA providers. We may receive or create security, moderation, media-delivery, CAPTCHA, and hosting signals through providers such as Cloudflare, OpenAI or other moderation providers, Supabase, and similar service providers.
- Reports and moderation signals. Other users may report your content or account. Admins and moderators may create warnings, review notes, or enforcement records tied to your account.
3. How We Use Information
We use personal information to operate, secure, and improve NO'TA.
- Create and manage accounts, authenticate users, recover accounts, and support sign-in, sign-out, and account deletion.
- Display profiles, identity settings, public content, community participation, public-context conversations, reflections, journeys, reviews, and other user-selected surfaces.
- Run core social features such as feeds, follows, blocks, bookmarks, voting, community membership, search, profile tabs, messaging, and directory experiences.
- Calculate and display reputation signals using data such as posts, comments, votes received, blocks, reports, reviews, account age, and smart metrics.
- Detect spam, doxxing, contact-info sharing, abuse, fraud, ban evasion, underage signup attempts, device abuse, and other policy or security risks.
- Review reports, run keyword and AI-assisted pre-publish moderation, investigate safety concerns, enforce platform rules, restore content when appropriate, and operate moderation, support, and trust-and-safety workflows.
- Send in-app messages, public conversation notifications, follow alerts, push notifications, emails, reset flows, operational notices, and invite or waitlist communications.
- Support translation, maps, place search, media hosting, sharing flows, offer features, crash recovery, analytics, and service performance.
- Deliver sponsored content, advertising, or measurement features if enabled.
- Comply with law, exercise legal rights, protect users, protect the Services, and respond to valid legal requests.
4. When Information Becomes Public on NO'TA
Because NO'TA is a social product, some information is intended to be visible to other users or to the public internet. Please read this section carefully.
4.1 Public posts, comments, and community activity
Posts, comments, votes, profile activity, community participation, place reviews, and other public interactions may be visible to other users and, where public web surfaces exist, to search engines and people or automated systems that access those pages.
4.2 Public conversations are not private DMs
NO'TA's messaging feature is structured around public-context conversations. Public conversations and conversation messages are not end-to-end encrypted private messaging. Do not use them for confidential or high-risk communications.
4.3 Reflections and journeys
Reflections and journeys are private by default. If you change a reflection or journey to public visibility, or choose to show a public journey on your profile, it may become visible to other users on the relevant NO'TA surfaces. Public reflections are intended for profile display; private reflections and journals are treated as more sensitive.
4.4 Real-name settings and private-profile settings
If your profile is public and you choose to show your real name or post with your real name, your first and/or last name can become visible on your profile and public content. If your profile is private, NO'TA limits follow and messaging behavior and uses your username instead of your real name for relevant public surfaces. Switching to a private profile does not necessarily erase content you already shared publicly.
4.5 Public indexing, copying, and re-sharing
Content made public on NO'TA may be copied, screenshot, quoted, indexed, cached, scraped, translated, or re-shared by other users, search engines, and third parties. Even if you later edit or remove public content, copies may remain elsewhere.
6. Advertising, Analytics, Safety, and Measurement
- Analytics and diagnostics. NO'TA uses analytics and diagnostics tools, including Firebase analytics/crash tooling and internal metrics, to understand usage, investigate issues, and improve stability and product quality.
- Push notifications. NO'TA uses OneSignal and related notification tooling to deliver push notifications and record notification delivery events.
- Maps and places. If you use place or map features, Google Maps or Google Places services may receive location, IP, or request information needed to fulfill your request.
- Translation. If you request translation, the text being translated may be sent to DeepL or a successor provider.
- Safety automation. NO'TA may use CAPTCHA, keyword filtering, AI-assisted moderation, media-delivery security, and abuse detection services to protect users and the platform.
- Advertising. If ads or sponsored content are enabled, NO'TA and its advertising partners, including Google Mobile Ads or a successor provider, may process device, app, approximate location, consent, and ad-interaction data to deliver, measure, and limit ads. On supported mobile platforms, advertising identifiers may be subject to operating-system permissions and settings, including App Tracking Transparency where required.
Where applicable law requires consent before non-essential cookies, mobile tracking, or advertising measurement, we will seek that consent or provide a legally required alternative control before carrying out the relevant processing. The in-app Data & Ad Privacy screen may also expose available mobile ads privacy options where the relevant SDK reports that those controls are required or available.
7. Cookies, Local Storage, and Device Storage
NO'TA's web and app surfaces use cookies, local storage, session storage, shared preferences, secure app storage, and similar technologies for authentication, language selection, settings, security, caching, offline support, and performance.
- Our landing pages currently store language preferences in browser local storage.
- The NO'TA web app may store auth/session state using Supabase browser storage behavior.
- The mobile apps may store settings, cached content, local search history, and pending content on the device.
- The iOS share extension flow may store auth session data in an app group so shared links can be handed off to the app securely.
You can manage or delete some of these technologies through your browser settings, device settings, in-app settings, or by uninstalling the app. Doing so may disable important features.
NO'TA does not currently respond uniformly to every browser "Do Not Track" signal. Where we are legally required to recognize browser-based opt-out preference signals, such as Global Privacy Control, we will do so to the extent the relevant web surface and applicable processing support it.
8. Legal Bases for Processing
If you are in the EEA, UK, Switzerland, or another jurisdiction that requires a legal basis, NO'TA generally relies on the following:
- Performance of a contract. To provide accounts, communities, public content, moderation, profile settings, search, messaging, authentication, and requested features.
- Legitimate interests. To secure the Services, prevent abuse, enforce rules, calculate reputation, apply age-gate and device protections, improve the product, operate moderation, understand usage, and defend legal claims.
- Consent. For precise location, push notifications, optional public disclosures you control, some analytics or ad processing where required, and any other processing that law requires us to base on consent.
- Legal obligations. To comply with legal requests, retain required records, address tax or regulatory issues, and support law-enforcement or court processes where valid.
- Vital interests or public-interest reasons. In the rare situations where they apply, such as credible threats to safety or serious harm.
9. International Data Transfers
NO'TA is offered globally. Your information may be processed in the country where you live and in other countries where we or our service providers operate. Those countries may have privacy laws that differ from the laws of your jurisdiction.
Where required by law, we use appropriate safeguards for cross-border transfers, such as contractual protections, adequacy mechanisms, or other recognized transfer tools. Public content, by its nature, may be accessed worldwide.
10. Data Retention
We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Policy, comply with law, and protect users and the platform.
| Data type | General retention approach |
|---|---|
| Account and profile data | Retained while your account is active and for a reasonable period afterward to support recovery, security, legal obligations, and dispute handling. |
| Public content and public interactions | Retained until you delete it, an authorized moderator or operator removes it, or it is otherwise retired from the Services; copies may remain in logs, caches, backups, screenshots, search indexes, or third parties that accessed public content. |
| Private reflections, journals, and journeys | Retained while your account is active or until you delete them, then removed from active systems subject to backup, security, and legal retention needs. |
| Waitlist, invite, and support records | Retained for launch operations, support, security, recordkeeping, and relationship management unless you ask us to delete them and we no longer need them. |
| Security, moderation, and audit records | Retained as long as reasonably necessary to investigate abuse, maintain platform integrity, comply with law, and preserve audit trails. |
| Age-gate, device, rate-limit, and CAPTCHA records | Retained for as long as reasonably necessary to prevent underage signup, account abuse, automated activity, fraud, or ban evasion, then deleted or de-identified when no longer needed. |
| Media delivery and safety scan records | Retained for operational security, abuse investigation, content moderation, cache delivery, legal compliance, and incident response. |
| Deleted account data | NO'TA currently uses a 30-day grace period for account recovery. After that period, most account-linked data is purged, while limited archival information may be retained for legal compliance, fraud prevention, or audit purposes. |
| Local device storage and caches | Retained until cleared by the app, overwritten, removed by your device settings, or deleted when the app is uninstalled. |
11. Your Choices and Rights
NO'TA offers privacy choices inside the product, and many users have additional rights under local law.
- Access and portability. You may request a copy of personal information we hold about you, subject to legal limits. Where available, the in-app Export My Data flow can generate a data export.
- Correction. You can edit profile information in the app and may ask us to correct inaccurate personal information.
- Deletion. You can request deletion through Settings > Account > Delete Account. NO'TA currently requires an explicit confirmation step and uses a 30-day recovery window before final purge.
- Visibility controls. You can change profile privacy, real-name display settings, reflection visibility, journey visibility, and various notification settings.
- Permissions. You can manage notification, location, photo, camera, and microphone access through your device settings.
- Public content choices. If you do not want content to be public, do not post it publicly or do not switch private-first content to public visibility.
- Advertising choices. You can use available ad, browser, and device settings to limit personalized advertising where supported. Where available, the in-app Data & Ad Privacy screen exposes mobile ads privacy options, and you may contact us to request applicable statutory opt-outs.
- Translate or do not translate. Translation is feature-initiated. If you do not want selected content sent to a translation provider, do not use translation features.
To exercise privacy rights, email privacy@no-ta.app. We may need to verify your identity before fulfilling a request. In some cases, we may refuse or limit a request where permitted by law.
12. Regional Privacy Notices
12.1 EEA, UK, and Switzerland
If you are in the EEA, UK, or Switzerland, you may have rights to access, correct, delete, restrict, object to, or port your personal data, and to withdraw consent where consent is the basis for processing. You may also lodge a complaint with your local supervisory authority.
The primary controller for the Services is NOTA SOCIAL NETWORK PTY LTD, unless a product-specific notice says otherwise. For privacy questions or rights requests, contact privacy@no-ta.app.
12.2 United States, including California and other state privacy laws
Depending on your state, you may have rights to know, access, correct, delete, and obtain a portable copy of personal information, to opt out of sales, sharing, targeted advertising, certain profiling, or certain uses of sensitive personal information, and to appeal a denied request.
In the last 12 months, NO'TA has collected the categories of personal information described in Section 2, including identifiers, profile and demographic data, user-generated content, social graph data, geolocation data, device and network data, internet or app activity, commercial or advertising data, and inferences such as reputation or product-use metrics.
We collect this information from you, your device or browser, our service providers, login and notification partners, maps and translation providers, and other users or moderators interacting with your content. We disclose these categories for the business and commercial purposes described in Sections 3 through 6.
We do not knowingly sell personal information for money. If ad tech or similar tools used by NO'TA are treated as "sharing" or targeted advertising under state law, you can request an opt-out by contacting privacy@no-ta.app with the subject line "US Privacy Request". If your request is denied, you may appeal by replying to our decision email or emailing the same address with the subject line "Privacy Appeal".
California residents may also designate an authorized agent to act on their behalf, subject to verification and lawful authorization.
12.3 Brazil
If you are in Brazil, you may have rights under the Lei Geral de Protecao de Dados (LGPD), including rights to confirmation of processing, access, correction, anonymization, deletion, portability, information about sharing, and revocation of consent where consent is used. Contact privacy@no-ta.app to exercise those rights.
12.4 Canada
If you are in Canada, including provinces with substantially similar laws, you may request access to and correction of your personal information and may withdraw consent for certain processing, subject to legal and contractual limits. If you are in Quebec, you may also have additional rights under applicable law, including rights relating to portability and automated processing where required.
12.5 Australia and New Zealand
If you are in Australia or New Zealand, you may request access to or correction of personal information we hold about you, subject to lawful exceptions. We may disclose information to overseas service providers as described in this Policy. You may contact us first with any concern, and if we cannot resolve it, you may have the right to complain to the relevant regulator in your jurisdiction.
12.6 Other regions
If the law where you live gives you additional privacy rights, NO'TA will honor those rights to the extent applicable. Contact privacy@no-ta.app and identify your jurisdiction so we can apply the right framework to your request.
13. Children and Minimum Age
NO'TA is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If the law where you live sets a higher minimum age for social or consent-based services, that higher age applies. If we learn that a child below the applicable minimum age has provided personal information, we will take reasonable steps to delete or de-identify it.
If you believe a child has used NO'TA in violation of this section, contact support@no-ta.app or privacy@no-ta.app.
14. Security
We use technical, administrative, and organizational measures designed to protect personal information, including access controls, database rules, service-provider protections, passkeys, two-factor authentication, CAPTCHA, rate limits, and moderation or audit workflows. No system is perfectly secure, and we cannot guarantee absolute security.
You are responsible for safeguarding your password, passkeys, authenticator codes, device access, and any information you choose to share publicly. Please avoid posting private contact information or other sensitive personal data in public features.
15. Third-Party Services and External Links
NO'TA may link to or integrate with third-party services, including app stores, social login providers, maps providers, translation providers, cloud hosting and media delivery providers, CAPTCHA providers, AI-assisted moderation providers, ad networks, support channels, and external links shared by users. Their privacy practices are governed by their own policies, not this one.
If you click an external link, share content to another service, or otherwise leave the NO'TA environment, you should review the privacy policy of the destination service.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, or our processing practices. If we make material changes, we may provide additional notice through the app, website, email, or other reasonable means. The "Last Updated" date at the top shows when this version was last updated.
17. Contact Us
For privacy questions, rights requests, support issues, or complaints, contact the address that matches your issue:
- Privacy and data-rights requests: privacy@no-ta.app
- General support: support@no-ta.app
- Legal notices or rights complaints: legal@no-ta.app
To help us process your request, please include your username, account email (if applicable), country or region, and a clear description of the request.