SteelNotes Privacy Policy
This Privacy Policy describes how Pitts Ventures LLC ("we," "us," or "our") collects, uses, and shares information when you use the SteelNotes mobile application (the "App"). By using the App, you agree to the practices described here.
This is not legal advice and has not been reviewed by a lawyer. You should have an attorney review it before publishing.
1. Who we are
SteelNotes is operated by Pitts Ventures LLC, a Florida limited liability company. You can contact us at admin@steelnotes.app.
2. Where the App is available
The App is currently available only in the United States and Canada. We do not intend to offer the App to users in the European Economic Area, the United Kingdom, or other jurisdictions outside the US and Canada. If you are accessing the App from outside the US or Canada, please do not use it.
3. Information we collect
Account information. When you create an account, we collect:
- If you sign in with Apple: a unique Apple identifier, optionally your email address (which may be a private relay address generated by Apple), and authentication metadata (issuer, audience, expiration).
- If you sign up with email and password: your email address and a cryptographic hash of your password (we never store the password itself).
- A six-digit verification code sent to your email during signup, valid for 15 minutes.
Authentication tokens. We issue short-lived access tokens (1 hour) and refresh tokens (30 days, stored as cryptographic hashes on our servers) to keep you signed in across devices.
Your content. SteelNotes is a note-taking app. We store the notes you create, including:
- Markdown text files
- Image attachments, including photos of book pages or other documents you capture
- Voice memo audio files
- AI-generated extraction results (text excerpts and metadata produced from your captures)
Push notification tokens. If you enable push notifications, Apple provides us a device-specific token used to deliver notifications. We do not use this token for advertising or tracking.
Server logs. Our servers log technical information necessary to operate and debug the service, including your user ID, note and capture identifiers, storage object keys, and processing metadata such as durations and sizes. We do not log the contents of your notes, transcripts, images, or AI output. Server logs are retained in AWS CloudWatch for approximately 30 days.
What we do not collect. We do not use third-party analytics, crash reporting, advertising, or attribution SDKs. We do not collect device advertising identifiers. We do not track you across other apps or websites.
4. How we use your information
We use your information solely to operate the App: to authenticate you, sync your notes across your devices, run the AI features you request, deliver push notifications, and maintain the service. We do not sell your information, use it for advertising, or use it to train our own AI models.
5. AI processing of your content
When you use SteelNotes' capture features, your note content is sent to third-party AI providers to extract text and generate excerpts:
- Image captures (photos of book pages and similar) are sent to Anthropic via Amazon Bedrock (using Claude Haiku 4.5 by default, or Claude Sonnet 4.6 if selected). If you select Google Gemini in settings, or as a cross-cloud fallback, images may instead be sent to Google via the Gemini API (gemini-2.5-flash-lite).
- Voice memos are sent to Amazon Transcribe to produce a text transcript.
Per AWS's terms, content sent to Amazon Bedrock and Amazon Transcribe is not used to train AWS or model-provider models. Google's Gemini API is governed by Google's terms; please review those terms before enabling Gemini in settings.
We will surface this AI processing in the App before your first capture so you can make an informed choice.
6. Where your information is stored
All servers and storage are operated by Amazon Web Services in the us-east-1 region (Northern Virginia, USA). Specifically:
- Account and metadata: Amazon RDS (PostgreSQL)
- Note files, attachments, and AI results: Amazon S3
- Background processing: AWS Lambda and Amazon SQS
- Push delivery: Amazon SNS
- Voice transcription: Amazon Transcribe
- AI inference: Amazon Bedrock (and Google Gemini API for users who opt in)
On your device, notes are stored locally in the App's sandbox using SQLite and a local vault directory. We do not use iCloud, CloudKit, or file-provider extensions.
7. How long we keep your information
- Account information: for as long as your account exists. Account database records are also retained in encrypted database backups for up to 7 days after deletion before being overwritten.
- Note files (Markdown content) stored in Amazon S3: retained until you delete the note or close your account. Not subject to automatic time-based deletion.
- Image attachments (photos and other images you attach to notes): retained as part of your notes until you delete the attachment, the note, or your account. Not subject to automatic time-based deletion.
- Voice memo audio: automatically deleted from our servers after the audio has been transcribed. The resulting transcript is saved into your note and retained with it.
- AI extraction result files (intermediate JSON produced during processing, before being merged into your notes): approximately 30 days, after which they are automatically deleted. The final extracted content saved into your notes is retained as part of your note files above.
- Refresh tokens: up to 30 days from issuance.
- Server logs: retained in AWS CloudWatch for approximately 30 days.
When you delete your account (see Section 9), we delete your stored content from our active systems within 30 days. Database records may persist in encrypted backups for up to 7 additional days before being overwritten. Files stored in Amazon S3 (notes, attachments, voice memo audio) are deleted immediately and not retained in backups.
8. Who we share information with
We share information only with the service providers ("subprocessors") that operate the infrastructure of the App:
| Subprocessor | Purpose | Location |
|---|---|---|
| Apple Inc. | Sign in with Apple, push notification delivery (APNs) | USA |
| Amazon Web Services | Hosting, storage, queuing, push, transcription, AI inference | us-east-1, USA |
| Anthropic (via AWS Bedrock) | AI image and text processing | us-east-1, USA |
| Google LLC | AI image processing (only if you opt in or as fallback) | USA |
We do not sell your personal information. We do not share your information with advertisers, data brokers, or analytics companies.
We may disclose information if required by law, valid legal process, or to protect our rights, your safety, or the safety of others.
9. Your choices and rights
Access and export. You can export your full vault at any time using the in-app export feature.
Deletion. You can delete individual notes inside the App. To delete your entire account and all associated content, open the App, go to Settings → Account → Delete Account, and confirm. Account deletion removes your authentication records, devices, refresh tokens, and stored content from our active systems within 30 days. You may also request deletion by emailing admin@steelnotes.app from the email address associated with your account.
California residents. Under the California Consumer Privacy Act, you have rights to know, delete, correct, and limit the use of your personal information, and to not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact us at admin@steelnotes.app.
Other US states. Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, and Texas) have similar rights. Contact us at admin@steelnotes.app to exercise them.
10. Security
We use industry-standard measures to protect your information, including encryption in transit (TLS), password hashing (Argon2id), refresh token hashing (SHA-256), and access controls on our infrastructure. No system is perfectly secure, and we cannot guarantee absolute security.
11. Children
The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us information, contact us at admin@steelnotes.app and we will delete it.
Users between 13 and 18 must have a parent or guardian's permission to use the App, and the parent or guardian agrees to be bound by our Terms of Service on the minor's behalf.
12. Changes to this policy
We may update this policy from time to time. If changes are material, we will notify you in the App or by email before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact
Pitts Ventures LLC
719 North Rd
Jupiter, FL 33458
admin@steelnotes.app