Privacy Policy

1. Introduction

Void Note ("the App", "we", "our") is a privacy-focused note-taking application developed by GreenIcePhoenix ("Developer", "I"). This Privacy Policy explains what data the App accesses, what it does with that data, and what data it never touches.

This policy applies to the Void Note Android application (package com.greenicephoenix.voidnote) and this website (voidnote.app). It does not apply to third-party services you may link to from the App or website.

By using the App, you agree to this Privacy Policy. If you disagree with any part of this policy, please uninstall the App. You can also delete all App data via Android Settings → Apps → Void Note → Clear Data.

2. Data We Do Not Collect

The following categories of data are never collected, transmitted, or processed outside your device:

• Note content — your note titles, text, checklists, tags, and formatting
• Media files — images and voice recordings attached to notes
• Personal identifiers — name, email address, phone number, device ID
• Location data — the App does not request or access location at any time
• Usage analytics — which features you use, how often, or for how long
• Crash data — crash reports, error logs, or diagnostics
• Advertising identifiers — AAID or any advertising-related identifier
• Contacts, calendar, or other device data — the App does not access these
• Biometric data — fingerprint and face recognition is handled entirely by Android's BiometricPrompt API. The App never receives or stores the biometric data itself.

We have no backend server. There is no Void Note API. There is no account system (for core features). Your data physically cannot leave your device through Void Note unless you explicitly use the export feature.

3. Data Stored Locally On Your Device

The App stores the following data locally on your device. This data is encrypted and never transmitted to any server:

• Note database — stored in a Room (SQLite) database. All note titles and content are encrypted with AES-256-GCM before being written to the database. The database file itself is stored in the App's private data directory, which Android prevents other apps from accessing.
• Encrypted media files — images and audio recordings attached to notes are encrypted as .enc files stored in the App's private file directory. They are never written to shared storage (Downloads, DCIM, etc.).
• App preferences — theme selection, sort order, biometric lock preference, and vault salt are stored in Android DataStore (encrypted). No personally identifiable information is stored in preferences.
• Encryption keys — the master encryption key is stored in Android Keystore (hardware-backed on supported devices). This key is protected by your vault password or biometric. It cannot be extracted from the device.

4. Android Permissions

The App requests the following permissions. Each is explained below:

• USE_BIOMETRIC / USE_FINGERPRINT — allows the App to show Android's biometric authentication prompt. The App receives only a success/failure result; your biometric data is never accessible to the App.
• CAMERA — allows capturing photos to attach to notes. Photos are immediately encrypted and stored privately. This permission is only requested when you tap "Take Photo" inside a note. You can decline it and still use gallery images.
• RECORD_AUDIO — allows recording voice memos to attach to notes. Recordings are immediately encrypted and stored privately. This permission is only requested when you tap the voice recording button inside a note. You can decline it and still use all other features.
• READ_MEDIA_IMAGES (Android 13+) / READ_EXTERNAL_STORAGE (Android 12 and below) — allows selecting images from your photo gallery to attach to notes. No images are copied to permanent storage unless you explicitly add them to a note.
• INTERNET — used solely to check for App updates on GitHub (api.github.com/repos/NRoy9/VoidNote/releases/latest). This request includes no personal data. No note data is ever sent over the internet.
• RECEIVE_BOOT_COMPLETED — allows WorkManager to schedule the daily trash cleanup job that runs after device restart. No data is transmitted; this runs entirely locally.

5. GitHub Update Checker

The App contacts the GitHub API once at startup to check whether a newer version is available. The request is: GET https://api.github.com/repos/NRoy9/VoidNote/releases/latest

This request contains no personal data from your device. GitHub's own privacy policy governs their handling of your IP address for this request. The dismissed-version preference is stored locally in DataStore and is never sent anywhere.

When the App is published to Google Play, the update checker will be replaced by the Play In-App Update library, which operates under Google Play's privacy policy.

6. Google Drive Backup (Future Feature)

A future premium version of Void Note will offer optional Google Drive backup. This section documents how that feature will work when it is released:

• Cloud backup will be entirely optional and requires explicit opt-in.
• Note data will be encrypted on your device before being uploaded. The encryption key never leaves your device. Google cannot read your notes.
• Google Sign-In and Drive access will be governed by Google's Privacy Policy.
• You can revoke the App's Drive access at any time via Google Account settings.

This feature does not exist yet. If you are using the current version of Void Note, no Google Drive connection is active.

7. Children's Privacy

Void Note does not knowingly collect personal information from children under the age of 13 (or the applicable age of digital consent in your jurisdiction). The App does not collect any personal data at all, as described in Section 2.

The App is rated for Everyone on Google Play and is suitable for all ages.

8. Data Security

The App takes significant measures to protect your note data:

• AES-256-GCM authenticated encryption for all note content
• Hardware-backed Android Keystore for master key storage
• PBKDF2 key derivation — your vault password is never stored
• App-private file storage — other apps cannot access your notes
• Biometric/PIN authentication before decryption

Because all data is stored locally, the security of your notes ultimately depends on the security of your physical device. We recommend enabling device screen lock and a strong vault password.

9. Your Data Rights

Because all your data is stored locally on your device, you have complete control:

• Access: Your notes are in the App. Open it and read them.
• Export: Settings → Data Management → Export Backup. You receive a complete encrypted backup.
• Deletion: Settings → Data Management → or Android Settings → Apps → Void Note → Clear Data. This is permanent and irreversible.
• Portability: Exported notes can be decrypted and read. The backup format is documented on GitHub.

Since we hold no personal data on any server, we cannot provide data access requests in the traditional sense — there is nothing on our end to provide.

10. Changes to This Policy

This Privacy Policy may be updated when new features are added (particularly cloud backup). Changes will be:

• Posted on this page with an updated "Last Updated" date
• Announced in the App's changelog (visible in Settings → About → Changelog)
• Tagged in the GitHub repository releases

Continued use of the App after a policy update constitutes acceptance of the new policy. If you disagree with any change, you may stop using the App and delete all App data.

11. Open Source Transparency

Void Note's source code is publicly available on GitHub at github.com/NRoy9/VoidNote. You can audit exactly what the App does with your data by reading the code. We encourage this. Transparency is the point.