Privacy Policy – Notitask

Last updated: June 9, 2026

1. Introduction
1.1. This Privacy Policy sets out how COUBUS OÜ, Registration No.: 14419079, Address: Vesivärava tn 50-301, Tallinn, Estonia, 10152, collects, uses, manages and discloses the personal information which we receive from users of our services. Our users’ privacy is of utmost importance to us. COUBUS OÜ performs constant monitoring of data protection security and takes the protection of its users’ data very seriously. Please review our Privacy Policy below.

This Privacy Policy applies to the mobile application Notitask: Tasks & Reminders on Android (Google Play) and iOS / iPadOS (Apple App Store) (hereinafter “Notitask” or “the App”) and its related domain – https://coubus.com (COUBUS). The same Privacy Policy governs both platforms; platform-specific differences are noted inline where relevant.

2. Privacy Principles

2.1. Notitask is designed with a privacy-first approach. The App does not collect or store any personal information such as messages, contacts, or device identifiers beyond what is strictly necessary for its core functionality.
2.2. Notitask does not sell, share, or transfer any user data to third parties for advertising, marketing, or data brokerage purposes.
2.3. Notitask does not require user registration, login, or authentication to use its core features (task creation, reminders, notes).
2.4. All user-created content (tasks, notes, subtasks, tags, attachments) is stored locally on the user’s device by default. Optional cloud features — Google Drive backup and Google Calendar sync on Android (require explicit user consent and Google Sign-In), iCloud Drive backup and Apple Calendar sync on iOS (use the user’s existing iCloud session and EventKit access — no separate sign-in) — are off by default and can be toggled at any time.
2.5. Notitask requests only those permissions that are strictly necessary for its functionality, following the just-in-time (JIT) permission model recommended by Google on Android and the equivalent purpose-string / prompt-on-first-use model required by Apple on iOS.

3. Permissions Requested by the Application

To ensure proper functionality of Notitask, the App may request access to certain features of your device. Each permission is requested only when needed (just-in-time) and is used solely for its intended purpose.

3.1. Microphone Access
Used when you choose to create a task, note, or dictate a full description via voice input. Your speech is converted into text on your device or through your phone’s built-in voice recognition service (Android Speech Recognition API / Google ML Kit on Android; Apple’s on-device SFSpeechRecognizer on iOS). No voice recordings are stored or transmitted to COUBUS OÜ servers.

3.2. Notifications Access
Required to display reminders and alerts at the exact time you set. Notifications appear only for tasks you create and do not contain any sensitive information. If you enable the optional Evening Digest, the App also shows one local notification, at a time you choose, summarizing the tasks scheduled for the next day. The digest is generated entirely on your device, is turned off by default, and is never sent to COUBUS OÜ servers.

3.3. Time-Sensitive Reminder Delivery
To ensure your reminders fire at the exact time you set, the App requests platform-specific permissions: Schedule Exact Alarms on Android (so reminders trigger precisely even when the device is in battery-saving mode) and the Time-Sensitive Notifications entitlement on iOS (so important reminders pierce Focus and Do Not Disturb modes when the user has marked them as important). The App does not modify any system alarms, focus modes, or calendar events outside of its own scope.

3.4. Internet Connection
Used for the following purposes:
– Downloading voice recognition language models for offline use (Android)
– Sending anonymous crash reports through Firebase Crashlytics to improve app stability (Android only — iOS does not currently include crash reporting)
– Cloud backup: Google Drive (Android, when enabled) or iCloud Drive (iOS, when enabled)
– Calendar synchronization: Google Calendar (Android, when enabled) or Apple Calendar via EventKit (iOS, when enabled)
– AI-powered task enhancement via Google Gemini API (when initiated by the user). On iOS, requests are routed through a Cloudflare Worker proxy operated by COUBUS OÜ that holds the Gemini API credentials; the proxy forwards only the text you submitted and does not log content beyond what is required to return the response in real time.
– Displaying advertisements via Google AdMob (for free-tier users)
The App never sends your personal data, voice recordings, or task content to COUBUS OÜ servers.

3.5. Network Status
Used to check whether the device is connected to the internet before performing network-dependent actions such as backup, sync, or AI enhancement.

3.6. Location Access
Used only when you choose to attach location coordinates to a saved item (a note on Android; a note or task on iOS). The App accesses your device’s location only while you are actively using the location feature and never stores or shares your location data with third parties. You can disable this permission anytime in your device settings (Android system settings or iOS Settings → Notitask).

3.7. Background Reliability
Used to ensure reminders and notifications arrive on time. On Android, the App may request an exemption from battery optimization. On iOS, the App uses the standard Background Tasks framework (BGTaskScheduler) to top up the next-closest pending reminders when iOS grants background time; no other system settings are modified, and no background usage data is collected.

3.8. Camera Access
Used only when you choose to take a photo directly within the App to attach to a note. Photos are stored locally on the device. No images are transmitted to COUBUS OÜ servers.

3.9. Biometric / Device Credential (App Lock)
Used only if you enable the optional App Lock feature. On Android, Notitask uses the Android BiometricPrompt to require your fingerprint, face, or device PIN/pattern before the App opens. On iOS, Notitask uses Apple’s LocalAuthentication framework to require Face ID, Touch ID, or your device passcode. In both cases, authentication is performed entirely by the operating system; the App never accesses, stores, or transmits your biometric data. While App Lock is enabled, the App also marks its screen as secure to prevent its content from appearing in screenshots, screen recordings, and the recent-apps switcher. App Lock is disabled by default.

3.10. App Tracking Transparency (iOS only)
On iOS, before initialising the advertising SDK for the free tier, Notitask presents Apple’s standard App Tracking Transparency prompt asking for permission to use your device’s advertising identifier (IDFA) for cross-app advertising. You may grant or deny this at any time via iOS Settings → Privacy & Security → Tracking → Notitask. Denying the prompt does not disable the App; the App will continue to display non-personalised advertisements to free-tier users. Premium subscribers are not asked.

4. Data Storage and Security

4.1. All data created in Notitask (such as task titles, descriptions, dates, times, subtasks, tags, effort levels, and attachments) is stored locally on the user’s device by default. COUBUS OÜ has no access to this data unless the user explicitly enables cloud features.
4.2. The user may delete all stored data at any time by using the “Delete all entries” function in Settings, or by uninstalling the application.
4.3. Notitask uses standard platform security mechanisms to protect user data against unauthorized access: the Android sandbox and Keystore on Android; the iOS Data Protection API and app sandbox on iOS.
4.4. When cloud backup is enabled, user data (tasks, notes, attachments) is encrypted in transit and stored in the user’s own account in an app-controlled folder — the app-specific hidden folder in Google Drive on Android, or the Notitask container in iCloud Drive on iOS. COUBUS OÜ does not have access to either storage location.
4.5. Notitask offers an optional App Lock that protects access to the App using your device’s biometrics or PIN/pattern (BiometricPrompt on Android; LocalAuthentication / Face ID / Touch ID on iOS). This is a local, on-device security layer; no biometric or authentication data is collected or transmitted. App Lock is disabled by default.

5. Voice Input and Speech Recognition

5.1. When the user activates voice input, the App temporarily accesses the microphone to capture speech and convert it into text for creating tasks, notes, or full descriptions.
5.2. The voice data is processed by the operating system’s built-in speech recognition service — locally via Google Speech Recognition API or, where supported, offline through ML Kit libraries on Android; locally via Apple’s SFSpeechRecognizer on iOS. COUBUS OÜ does not store or transmit the audio data.
5.3. After recognition is complete, no audio is kept in the app memory or any server.
5.4. Notitask supports voice input in 21 languages. The language is determined by the app’s language setting or the device’s system language.

6. Cloud Account Integration

6.1. Notitask offers optional Google Sign-In on Android to enable the following features:
Google Drive Backup: Back up and restore your tasks, notes, and attachments to your personal Google Drive account.
Google Calendar Sync: Two-way synchronization of tasks with a dedicated “Notitask” calendar in your Google Calendar.
Google Calendar Overlay: Optional read-only display of events from your existing Google calendars inside the App’s in-app calendar. Free (Lite) users see events from the primary calendar; Pro and Max users can select multiple calendars. These events are shown for your reference only — they are never modified and are never stored on COUBUS OÜ servers. This feature is off by default and can be toggled at any time.
6.2. Google Sign-In is entirely optional. The App functions fully without it.
6.3. When you sign in, the App requests the following Google OAuth scopes:
– Drive File and App Folder access (for backup storage)
– Calendar access (read and write) — to create and synchronize tasks in the dedicated “Notitask” calendar and, when the overlay is enabled, to read and display events from your other calendars.
6.4. Your Google account credentials are managed by Google’s authentication services and are never stored by Notitask or COUBUS OÜ.
6.5. You can disconnect your Google account at any time from Settings, which revokes all associated permissions.
6.6. On iOS, Notitask integrates with the user’s existing iCloud account — no separate sign-in is required. The App uses:
iCloud Drive Backup: A JSON snapshot of your tasks and notes is written to the Notitask container inside the user’s iCloud Drive (visible to the user under Files → iCloud Drive → Notitask). Apple handles encryption in transit and at rest with the standard data protection level (or Advanced Data Protection if the user has enabled it). COUBUS OÜ has no access to this container.
Apple Calendar (EventKit) Sync: When enabled, tasks with a scheduled date are mirrored to the calendar account already set up on the device (iCloud, Google, Outlook, Exchange — whichever the user uses). Notitask only writes events corresponding to tasks the user created in the App and only reads back the event identifiers it created itself; existing personal calendar events are not read or transmitted.
6.7. Both iCloud Drive backup and Apple Calendar sync are off by default and can be toggled from Settings at any time. Disabling Apple Calendar sync stops further writes; previously created events remain in your calendar account until you delete them, or you can use the in-app “Remove all calendar events” action.

7. AI-Powered Features

7.1. Notitask offers optional AI-powered task enhancement using Google’s Gemini API. When you tap the AI button, the text of your task title and/or description is sent to Google’s Gemini API for processing. On iOS, these requests are routed through a Cloudflare Worker proxy operated by COUBUS OÜ; the proxy forwards the text to Google Gemini and returns the response in real time. On Android, the App calls the Gemini API directly.
7.2. AI processing is initiated only by explicit user action (tapping the AI icon). No data is sent automatically.
7.3. The AI feature is subject to usage limits: 25 enhancements per month for free (Lite) users and 500 per month for Pro and Max subscribers, calculated over a rolling 30-day period. Only successful requests count toward the limit, and your remaining quota is shown inside the App.
7.4. Neither COUBUS OÜ nor the Cloudflare Worker proxy store or log the content sent to or received from the Gemini API beyond what is required to deliver the response in real time. Google’s own privacy policy governs the processing of data by the Gemini API: https://policies.google.com/privacy

8. Advertising

8.1. Notitask displays advertisements via Google AdMob to free-tier users on both Android and iOS. Advertisements are removed for Pro and Max subscribers, and the AdMob SDK is not initialised for them.
8.2. Google AdMob may collect anonymized device information (such as advertising ID, device type, and general location) to serve relevant ads. This data collection is governed by Google’s privacy policy.
8.3. On iOS, Notitask requests permission to use the device’s advertising identifier (IDFA) via Apple’s App Tracking Transparency prompt before AdMob is initialised. If you deny this prompt, AdMob is initialised in non-personalised mode and serves contextual ads only.
8.4. COUBUS OÜ does not have access to the data collected by AdMob and does not use it for any purpose beyond ad serving.
8.5. Users can manage their ad preferences through their device’s Google Account settings (Android) or iOS Settings → Privacy & Security → Tracking (iOS), or by subscribing to a paid plan to remove ads entirely.

9. In-App Purchases and Subscriptions

9.1. Notitask offers optional paid plans (Monthly, Annual, and Lifetime) through Google Play Billing on Android and Apple StoreKit on iOS. All payment processing is handled entirely by the respective platform.
9.2. COUBUS OÜ does not collect, store, or have access to any payment information such as credit card numbers or billing addresses.
9.3. Purchase status is verified locally on the device — through the Google Play Billing API on Android, or StoreKit 2 transactions on iOS — and stored in the app’s local preferences.

10. Third-Party Services

10.1. Notitask integrates with the following third-party and platform services:
Firebase Crashlytics (Android only): Collects anonymous crash reports and technical diagnostics (device type, OS version, stack traces) to improve app stability. No personal or task-related content is included. iOS does not currently include crash reporting.
Google ML Kit (Android only): Provides on-device speech recognition and natural language processing. All processing occurs locally on the device.
Apple Speech Framework (iOS only): Provides on-device speech recognition via SFSpeechRecognizer. All processing occurs locally on the device.
Google AdMob (both platforms): Serves advertisements to free-tier users. Subject to Google’s privacy policy. On iOS, only initialised after App Tracking Transparency consent has been resolved.
Google Drive API (Android only): Used for optional cloud backup. Data is stored in the user’s own Google Drive account.
iCloud Drive (iOS only): Used for optional cloud backup. Data is stored in the user’s own iCloud account inside the Notitask container. COUBUS OÜ has no access.
Google Calendar API (Android only): Used for optional calendar synchronization and the read-only event overlay. Events are created in the user’s own Google Calendar, and existing events are read only to display them inside the App.
Apple EventKit (iOS only): Used for optional one-way mirror of Notitask tasks into the user’s already-configured device calendar account (iCloud, Google, Outlook, Exchange). Existing personal events are not read or transmitted.
Google Gemini API (both platforms): Used for optional AI task enhancement. On iOS, accessed via a Cloudflare Worker proxy operated by COUBUS OÜ. Subject to Google’s privacy policy.
Cloudflare Workers (iOS only): A serverless proxy that fronts the Gemini API on iOS so the API key does not need to ship inside the iOS app bundle. The proxy validates the request originates from Notitask and forwards the text to Google Gemini; it does not store the request or response content.
10.2. No personal or task-related content is transmitted to any third party without explicit user action.

11. User Control and Data Rights

11.1. The user can revoke any permission (microphone, notifications, location, camera, App Tracking Transparency on iOS) at any time in the operating system’s settings — Android system settings on Android, or iOS Settings → Notitask on iOS.
11.2. Users can delete all tasks, notes, and app data at any time using the “Delete all entries” function in the App.
11.3. Users can disconnect their Google account from Settings on Android, which stops backup and calendar sync. On iOS, users can disable iCloud Drive backup and Apple Calendar sync individually from Settings; iCloud itself remains under the user’s control in iOS Settings.
11.4. Users can reset statistics independently from task data.
11.5. Uninstalling the App permanently removes all locally stored user-created data. Data stored in Google Drive or iCloud Drive (backups) remains in the user’s own account and can be managed through Google Drive settings or the Files app → iCloud Drive → Notitask respectively.
11.6. How to delete your data (Notitask, by COUBUS OÜ):
(a) Data on your device — tasks, notes, subtasks, tags, attachments and settings: open Notitask, open the menu (⋮ on Android, ⋯ on iOS), tap “Delete all entries” and confirm. This permanently removes the data from your device. Uninstalling the App also deletes all locally stored data.
(b) Data processed off your device: to request deletion of crash logs and analytics (collected via Firebase on Android, retained up to 90 days and then deleted automatically) or AI-feature requests (not stored long-term on either platform), email [email protected].
(c) Google Drive backups and Google Calendar data remain in your own Google account — manage or delete them directly in Google Drive or Google Calendar.
(d) iCloud Drive backups and Apple Calendar events (iOS) remain in your own iCloud / device calendar account — manage or delete them directly in the Files app → iCloud Drive → Notitask, or in the Apple Calendar app.
11.7. Users may also request information about their personal data by contacting us at [email protected].

12. Children’s Privacy

12.1. Notitask is not directed to children under 13 years of age, and COUBUS OÜ does not knowingly collect any personal data from children under 13.
12.2. If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete such data.

13. Changes to this Privacy Policy

13.1. We will review and may update this Privacy Policy from time to time to reflect changes in the App’s features, applicable laws, or our business practices. Any changes will become effective when we post the revised version on this page: https://coubus.com/privacy-policy-notitask/
13.2. We encourage users to periodically review this Privacy Policy for updates. Material changes will be highlighted in the App’s release notes on both Google Play and the Apple App Store.

14. Compliance with European Union Regulations (GDPR)

14.1. Notitask is fully committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws of the European Union.
14.2. Legal basis for processing: Where Notitask processes personal data, the legal basis is either (a) the user’s explicit consent (e.g., enabling Google Sign-In or iCloud Drive backup, granting App Tracking Transparency on iOS), (b) the performance of a contract (e.g., providing the app’s core functionality and paid subscriptions), or (c) legitimate interest (e.g., crash reporting on Android to maintain app stability).
14.3. Data minimization: Notitask collects only the minimum data necessary for each feature. Core features operate entirely offline with no data transmission.
14.4. Right of access: Users may request a copy of any personal data associated with their use of the App.
14.5. Right to erasure: Users may delete all their data at any time through the App’s settings or by uninstalling the App (see Section 11).
14.6. Right to data portability: Users can export their tasks and notes in JSON, CSV, or iCal format (CSV and iCal available to Pro subscribers). The JSON format is byte-compatible between Android and iOS, so users moving between platforms can carry their data with them.
14.7. Data Protection Officer: For GDPR-related inquiries, please contact us at [email protected].
14.8. COUBUS OÜ does not engage in profiling, automated decision-making, or cross-border transfer of personal data to countries outside the EU/EEA, except where data is processed by Google services or Cloudflare (governed by Standard Contractual Clauses and the EU-US Data Privacy Framework).
14.9. Users have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or their local supervisory authority.

15. Compliance with Other Jurisdictions

15.1. California (CCPA/CPRA): Notitask does not sell or share personal information as defined under the California Consumer Privacy Act. California residents have the right to know what data is collected and to request its deletion.
15.2. Brazil (LGPD): Users in Brazil have the same rights as described under GDPR, including access, correction, and deletion of personal data.
15.3. United Kingdom (UK GDPR): Notitask complies with the UK General Data Protection Regulation and the Data Protection Act 2018.

16. Contact Information

16.1. If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us at:
[email protected]
COUBUS OÜ
Vesivärava tn 50-301
Tallinn, Estonia, 10152
Registration No.: 14419079