NiniNote Privacy Policy

Last Updated: May 12, 2026
Effective Date: May 12, 2026

Welcome to NiniNote (the "App", "we", "us", or "our"). We take your privacy seriously and want to be transparent about what we collect, why, and how you stay in control. This policy applies to the NiniNote mobile application and the website nininote.com.

1. Who This App Is For

NiniNote is designed for users aged 13 and above. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at nini@nininote.com and we will delete it promptly.

2. Information We Collect

2.1 Information You Provide Directly

Account information: username, password (hashed, never stored in plain text), display name, signature, profile avatar, email address (if you sign in with Google or use email-based password reset).
User-generated content: diary entries, photos, videos, voice messages, drawings, flashcards, countdowns, movie records, friend records, bill/expense entries, weight records (including body measurement data), and any content stored in your encrypted "Vault".
Communication content: messages, voice notes, photos, and videos you send to friends through the in-app chat feature.
Friend relationships: friend list, friend requests, block list, contact metadata you choose to record about your friends.
Financial records (locally entered): expense categories, amounts, and receipt photos you record for personal budgeting. We never access your bank or credit card accounts directly.
Feedback: any feedback you submit to us through the App.

2.2 Information Collected Automatically

Device information: device model, brand, operating system version, language preference, time zone, app version.
Session information: IP address, login time, device session ID for security purposes (so you can see active sessions and log out remote devices).
Push notification token (FCM token): a unique identifier issued by Firebase Cloud Messaging used to deliver notifications to your device.
Crash and diagnostic data: anonymized logs when the App crashes, to help us fix bugs.

2.3 Information We Do NOT Collect

We do not collect precise location data (GPS).
We do not collect your contact list.
We do not access your call history or SMS.
We do not collect biometric data on our servers (fingerprint/face unlock is processed entirely on your device by the system).

3. Why We Need Each Permission

Permission	Purpose
Camera	Take photos for diary, avatar, chat, expense receipts, and friend profiles.
Photos / Media (READ_MEDIA_IMAGES / VIDEO / AUDIO)	Select existing photos and videos from your device to attach to entries or chats.
Microphone (RECORD_AUDIO)	Record voice messages in chats and audio for video clips.
Notifications (POST_NOTIFICATIONS)	Deliver chat messages, countdown reminders, and friend request alerts.
Biometric (USE_BIOMETRIC)	Optional. Unlock locked menus (diary, vault, etc.) using fingerprint or face. The biometric data never leaves your device.
Exact alarms (SCHEDULE_EXACT_ALARM)	Trigger countdown notifications at the precise time you set.
Boot completed	Restore your scheduled countdown notifications after a device reboot.
Internet	Sync your data, send/receive messages, process purchases.

4. How Your Data Is Stored and Protected

All network traffic between the App and our servers uses HTTPS (TLS) encryption.
Your data is stored on private, access-controlled cloud servers.
Content in the Vault module is encrypted with AES on the client side before transmission, using a key derived from your password. We cannot read Vault contents.
Passwords are stored as one-way salted hashes.
Chat messages are automatically deleted from our servers after 30 days.
Media files (photos/videos/voice) in chats follow the same 30-day retention.

5. How We Use Your Data

To provide and operate the App's features.
To sync your content across your devices (up to 3 active sessions).
To deliver messages between you and your friends.
To process in-app purchases through Google Play Billing.
To send you notifications you've opted into.
To respond to your support requests and feedback.
To detect abuse, fraud, and policy violations.
To comply with legal obligations.

We never sell your personal data to third parties. We never use your private content (diary, chat, vault, etc.) for advertising or AI training.

6. Sharing of Data

We only share data with the following categories of recipients:

Other users you choose to interact with: friends you add can see the information you share with them (your nickname, avatar, messages you send them).
Google Play Services: for processing in-app purchases. We do not see or store your payment card details.
Firebase (Google): for push notification delivery and crash reporting.
Cloud infrastructure providers: for hosting your data securely.
Legal authorities: only when required by valid legal process.

7. User-Generated Content and Community Safety

Our chat and friend-related features allow user-to-user interaction. To keep NiniNote safe:

You can block any user at any time from their profile or our settings.
You can report inappropriate users or messages directly from the chat or profile. Reports are reviewed by our team within 72 hours.
We have a zero-tolerance policy for child sexual abuse material (CSAM), harassment, hate speech, and illegal content.
Violating accounts may be suspended or permanently banned without prior notice.
We may remove content that violates our policies or applicable law.

8. Your Rights and Choices

You have the right to:

Access your data: most of it is visible directly in the App.
Correct your data: edit it anytime through the App.
Export your data: use the "Data Export" feature inside Settings to download a copy.
Delete your account and all associated data.
Withdraw consent: revoke individual permissions in your device settings.
Lodge a complaint with your local data protection authority.

9. Account Deletion and Data Retention

You can request account deletion at any time through Settings → Account Security → Delete Account inside the App, or by emailing nini@nininote.com.

Upon submission:

Your account is immediately suspended and signed out from all devices.
There is a 15-day grace period during which you may cancel the deletion request by contacting us.
After 15 days, all your personal data is permanently and irreversibly deleted from our active systems, including diaries, chats, vault contents, photos, videos, friend records, bills, and account information.
Anonymized aggregate data (e.g., total signup counts) may be retained for statistical purposes.
Backup copies are purged within an additional 30 days.

If you want to delete your account without installing the App, visit https://nininote.com/privacy#delete for instructions.

10. International Data Transfers

Your data may be processed in countries other than your own. We ensure equivalent protection through standard contractual safeguards and access controls.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you through an in-app notification or via email at least 7 days before the changes take effect. The "Last Updated" date at the top of this page always reflects the most recent revision.

12. Contact Us

If you have any questions, complaints, or requests about this Privacy Policy or your data:

Email: nini@nininote.com
Website: https://nininote.com

We respond to all inquiries within 7 business days.