Privacy Policy
Effective date: April 1, 2026
Last updated: April 1, 2026
1. Overview
Redixa is built on a simple principle: your notes are yours. The application is designed so that your note content never leaves your device. This document explains what data we do and do not collect.
2. What We Do NOT Collect
- The content of your notes, projects, or groups
- Your writing, ideas, or any text you create inside the app
- AI prompts or outputs generated on your device
- Your graph structure, tags, or link relationships
All note content is stored locally on your device and processed by an on-device AI model. It is never transmitted to our servers.
3. What We Collect
3.1 Account Data
When you create an account, we collect:
- Email address — used for authentication and transactional emails (e.g., receipts, password reset)
- Password hash — we store a cryptographic hash, never your plaintext password
- Account creation timestamp
- Subscription status — active, expired, trial, etc.
3.2 Sync Metadata
If you use cross-device sync, we store encrypted synchronization metadata:
- Device identifiers (randomly generated, not linked to hardware)
- Last sync timestamp per device
- Structural metadata needed for conflict resolution (e.g., note order, group membership)
Sync metadata is encrypted at rest. We do not have access to the content it describes.
3.3 Usage Data
We may collect minimal, aggregated telemetry:
- App version and operating system
- Crash reports (no content included)
- Feature usage counts (e.g., "Redix It" was triggered N times)
You can opt out of telemetry in the app settings. Crash reporting is opt-in on first launch.
3.4 Payment Data
Payments are processed by third-party providers (e.g., Stripe, Google Play, App Store). We do not store full payment card details. We receive:
- Subscription status and renewal dates
- Country of purchase (for tax purposes)
- A tokenized reference from the payment provider
4. How We Use Your Data
| Purpose | Data used |
|---|---|
| Authentication | Email, password hash |
| Subscription management | Email, subscription status, payment reference |
| Sync service | Device ID, sync timestamps, encrypted metadata |
| Transactional emails | |
| Product improvement | Aggregated, anonymized telemetry |
| Legal compliance | As required by applicable law |
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
5. Data Storage and Security
- Account and sync data is stored on encrypted servers.
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to production systems is restricted to authorized personnel.
- We use industry-standard practices for key management and access control.
6. Data Retention
- Account data: retained while your account is active. Deleted within 30 days of account deletion request.
- Sync metadata: deleted upon account deletion or device removal.
- Telemetry: aggregated and anonymized; individual records retained for up to 90 days.
- Backups: may be retained for up to 60 additional days after deletion for disaster recovery purposes.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your account data in a portable format
- Opt out of telemetry collection
To exercise these rights, contact us at privacy@redixa.io.
8. Children's Privacy
Redixa is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
9. Third-Party Services
We use the following third-party services. Each has its own privacy policy:
| Service | Purpose |
|---|---|
| Stripe / App Store / Google Play | Payment processing |
| Resend | Transactional email delivery |
We choose third-party providers carefully and limit the data we share with them to what is necessary.
10. Changes to This Policy
We may update this policy from time to time. If changes are material, we will notify you by email or in-app notice at least 14 days before the change takes effect. Continued use of the app after the effective date constitutes acceptance of the updated policy.
11. Contact
Redixa
Email: privacy@redixa.io
Website: https://redixa.io