Privacy Policy

Effective Date: May 14, 2026

Welcome to Life Note! Your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our journaling app and website www.mylifenote.ai. By accessing or using our services, you agree to this Privacy Policy.

1. Information We Collect

1.1 Data Collection Categories

Personal Data:

Email address (for account creation and communication)
Name (optional, for personalization)
Profile information (optional)
Journal entries and content you create

Usage Data:

Device information (model, operating system version)
App usage statistics
IP address
Access times and interaction data

1.2 Data Usage Transparency

Required Data: Email address is required for account creation and essential app functionality.

Optional Data: Profile information and additional personal details are optional and can be modified or removed at any time.

1.3 Third-Party Data Collection

Google Sign-In (authentication)
RevenueCat (payment processing)
Analytics tools (app performance and usage statistics)

2. How We Use Your Information

2.1 Core Functionality

Process and store your encrypted journal entries
Provide personalized journal insights and responses
Maintain and improve our services
Handle customer support requests

2.2 App Store Services

Process in-app purchases and subscriptions through Apple App Store and Google Play Store
Manage subscription status and renewals
Handle refund requests and subscription changes

2.3 Communication

Send essential service updates and notifications
Provide customer support and respond to inquiries
Send subscription-related notifications (renewal reminders, payment confirmations)

2.4 Analytics and Improvements

Analyze app usage patterns to improve features (using anonymized data)
Monitor app performance and stability
Detect and prevent technical issues

2.5 Our Commitment to Your Data

Life Note is committed to protecting your privacy and maintaining your trust. We want to be clear about our stance on data handling:

No Data Sales: We do not and will never sell your personal data to third parties as part of our business model
Limited Data Sharing: Your data is only shared with third-party service providers when necessary for core app functionality (such as authentication and payment processing)
Data Minimization: We only collect and retain information that is essential for providing and improving our services

3. Data Security

3.1 Data Encryption

We use industry-standard encryption to protect your data:

Journal Entries: All journal entries are encrypted using AES-256 encryption before being stored on our servers
End-to-End Encryption: Your journal content is encrypted on your device before transmission and can only be decrypted with your unique encryption key
Secure Storage: Encryption keys are securely stored on your device and never transmitted to our servers

3.2 Additional Security Measures

Secure HTTPS connections for all data transfers
Regular security audits and updates
Secure data backups with encryption

While we implement these security measures, no method of transmission over the internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data but cannot guarantee its absolute security.

4. Third-Party Services

We integrate with the following third-party services:

Authentication: Google Sign-In (for account authentication)
Analytics: Google Analytics (usage patterns and app performance), Sentry (error tracking and app stability)
Payments: RevenueCat (subscription management), Apple Pay (iOS in-app purchases), Google Pay (Android in-app purchases)

Each third-party service operates under its own privacy policy. We encourage users to review these policies:

5. Cookies and Tracking Technologies

5.1 Mobile App Tracking

For our mobile applications:

We respect your device's App Tracking Transparency (ATT) settings
You can control app tracking permissions in your device settings
We only collect analytics data necessary for app functionality and improvement

5.2 Website Cookies

For our website:

Essential cookies for basic website functionality
Analytics cookies to understand usage patterns (can be disabled)
You can manage cookie preferences through your browser settings

6. Subscriptions and In-App Purchases

Our app offers subscriptions and in-app purchases processed through the Apple App Store and Google Play Store:

Payment Processing: All payments are processed by Apple App Store or Google Play Store. We do not directly collect or store your payment information. Subscription management is handled through your device's app store settings.
Subscription Data: We use RevenueCat to manage subscription states. Only subscription status and transaction IDs are stored. No credit card or payment details are stored on our servers.
Cancellation and Refunds: Manage subscriptions through your device's app store settings. Refund requests should be directed to the respective app store. Cancellation will take effect at the end of the current billing period.

7. Your Rights

You have the right to access, correct, or delete your personal data. You can also object to or restrict certain processing of your data. To exercise these rights, please contact us at daniel@mylifenote.ai.

8. Children's Privacy

Our services are not intended for individuals under the age of 13 (or the applicable age in your country). Specifically:

We do not knowingly collect or solicit personal information from children under 13
Users must be 13 years or older to create an account
If we learn that we have collected personal information from a child under 13, we will immediately delete that information, terminate the associated account, and take preventive measures to avoid future collection

Parents or guardians who believe we might have collected information from a child under 13 should contact us immediately at daniel@mylifenote.ai.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by updating the "Effective Date" at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

10. Account Deletion

To delete your Life Note account and associated data, please follow these steps:

Send an email to daniel@mylifenote.ai with the subject line "Account Deletion Request"
Include your registered email address in the email body
We will process your request within 7 business days

Data Deletion Details:

We will permanently delete all your personal information, including account information (name, email, profile picture), journal entries and responses, usage history and preferences, and any other user-generated content
Data Retention: Some information may be retained for legal compliance (up to 30 days), aggregate analytics (anonymized), and backup purposes (up to 90 days)

11. AI Agent Connections

Life Note can be connected to external AI agents and clients you use — including Claude.ai, Claude Desktop, Claude Code, Cursor, ChatGPT (Pro / Team / Enterprise), and other applications that implement the Model Context Protocol (MCP). When you connect one of these agents, the following terms apply:

What an Agent Can Access:

Read-only access to your journal entries (decrypted server-side), your mentor responses, your past mentor conversations, your saved Wisdom (highlighted passages), your Practices and Quests, your Life Goal, and your Yearly Goal.
Each connected agent operates under a separate, scoped access token issued specifically to that agent.

What an Agent Cannot Do:

Write to, modify, or delete your journal, settings, payment information, or any other Life Note data.
Access data belonging to other Life Note users. Every query is structurally scoped to your user ID.
Share your data with other agents, other users, or third parties beyond the agent you explicitly authorized.

How Connections Are Authorized:

Every agent connection requires your explicit approval via a browser-based OAuth flow or a device-authorization flow that you confirm in your browser.
You see exactly what permissions ("scopes") you are granting before approving.
We send you an email each time a new agent connection is approved on your account, so you have a permanent record.

Data Sent to Third-Party AI Models:

When you ask a connected agent a question, that agent's underlying model (operated by Anthropic, OpenAI, etc.) may process the responses Life Note returns in order to answer you. This is governed by the privacy policy of the AI provider you are using.
Life Note does not control how Anthropic, OpenAI, Google, or other AI providers handle the data they process on your behalf. Please review their privacy policies separately.
Life Note does not sell your data, share it with AI providers for training, or use your data to train models. Your journal content is yours.

Your Rights and Controls:

Revocation: You can disconnect any individual agent — or disconnect all agents at once — at any time at mylifenote.ai/settings/agents. Revocation takes effect within seconds.
Activity log: You can review the most recent 30 days of agent activity (which agent, which endpoint, when) at the same Settings page.
Audit: All agent requests are logged server-side for security forensics, with bounded retention (90 days).

Data Security for Agent Connections:

All agent traffic is served over HTTPS with TLS.
Access tokens are hashed at rest using SHA-256; the plaintext token is shown to your client exactly once at issuance.
Access tokens have a 1-hour lifetime and refresh tokens have a 30-day lifetime. Refresh tokens rotate on every use; reuse of an already-rotated refresh token automatically invalidates the entire token family as a leak-detection measure.
Per-token, per-IP, and per-user rate limits prevent abuse.

If you have questions about how a specific agent connection handles your data, please contact us at daniel@mylifenote.ai.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: daniel@mylifenote.ai