Privacy Policy
Effective date: 16 May 2026
This Privacy Policy explains what information is collected, used, stored, and shared in connection with the Trimnote mobile application and the website at https://trimnote.app (together, the “Service”), operated by the developer of Trimnote (“we”, “us”, “our”). By using the Service, you agree to the practices described here. This Policy should be read together with our Terms of Use.
1. Summary
- The application does not require an account. We do not ask for your name, email, phone number, or password.
- Your notes, drawings, questions, and PDFs are stored locally on your device by default.
- The website may use Microsoft Clarity to understand anonymous traffic and interactions, only when explicitly enabled.
- When you use AI Features, your content may be transmitted to third-party AI providers (e.g. OpenAI, Anthropic, Google) and may be used by them or by us for processing, evaluation, and model improvement.
- The Service does not make automated decisions that produce legal or similar significant effects on you.
- Crash and basic device diagnostics may be collected via Google Play services.
2. Who We Are (Data Controller)
For the purposes of applicable data-protection laws — including the EU/UK General Data Protection Regulation (GDPR) and Türkiye's Personal Data Protection Law (KVKK, No. 6698) — the data controller is the developer of Trimnote, contactable at hbaihightech@gmail.com.
3. Information We Process
3.1 Information stored on your device.
Notes, drawings, handwritten input, questions, imported images, imported PDFs, settings, and any other content you create or import (“User Content”) are stored locally on your device by the application. We do not access this data unless you explicitly send it to a feature that requires server-side processing (such as an AI Feature, see Section 5).
3.2 Information processed when you use AI Features.
When you use AI Features, the application transmits the User Content you are working with (or relevant portions of it, such as the current note, drawing, PDF text, image, or prompt) to third-party AI service providers in order to generate a response. See Section 5.
3.3 Information processed by the website.
Like most websites, our hosting provider (Cloudflare) and any enabled analytics service may automatically collect limited technical information when you visit trimnote.app, such as:
- IP address (truncated or anonymised where supported);
- browser type, version, and language;
- device and operating system;
- referring URL, requested URL, and timestamp;
- basic interaction data such as page views, clicks, scrolls, and session recordings only if Microsoft Clarity is enabled (see Section 4).
3.4 Information from app stores.
When you download the application from Google Play, Google may share aggregated install, crash, and performance statistics with us. We do not receive your name, email, or Google account details from these reports unless you contact us directly.
3.5 Information you choose to provide.
If you email us, we receive the content of your message and your email address. We use this only to respond to you.
4. Cookies and Microsoft Clarity
The website may use Microsoft Clarity, a product analytics tool provided by Microsoft Corporation, to understand how visitors use the site (page views, clicks, scrolls, and anonymised session replays). Clarity sets cookies and stores limited information in your browser. When you visit the website, Clarity may collect device information, IP address (used only for geolocation and immediately discarded according to Microsoft's documentation), interactions, and behavioural metrics.
Microsoft processes this data on its own infrastructure under its own privacy notice, available at microsoft.com/privacy. Clarity is only loaded if a project ID has been configured; if it has not been configured, no Clarity cookies are set and no Clarity data is transmitted.
Beyond this, we do not use advertising cookies, retargeting cookies, or third-party tracking pixels.
5. AI Features and Third-Party AI Providers
The Service may include features powered by artificial intelligence (the “AI Features”), such as handwriting recognition, suggestions, summarisation, search, question solving, explanation, translation, and tagging. To provide these features, the application transmits the relevant User Content to one or more third-party AI providers (“AI Providers”), which may include, without limitation:
- OpenAI
- Anthropic
- Google (Vertex AI / Gemini)
- Microsoft (Azure AI / Copilot services)
- Meta
- Mistral
- xAI
- Other providers we may integrate in the future
You acknowledge and consent that:
- The User Content you submit to AI Features will leave your device and be processed on the AI Provider's infrastructure, which may be located outside Türkiye and the European Economic Area.
- That content may be retained by the AI Provider and/or by us, and may be used to operate, evaluate, debug, fine-tune, train, or otherwise improve AI models, datasets, and the Service — in accordance with each AI Provider's terms and applicable law.
- Each AI Provider operates under its own privacy policy, which governs how it processes your data on its systems.
- You should not enter into the Service any content that you would not want transmitted to a third party or processed by AI systems (e.g. government IDs, financial account numbers, medical records, attorney-client communications, trade secrets, login credentials, or other sensitive or confidential information).
- Where AI Features are optional, you can disable them within the Service if you do not wish your content to be processed by AI Providers.
6. Automated Decision-Making and Profiling
The Service does not subject you to decisions made solely by automated means that produce legal effects concerning you or significantly affect you in a similar way within the meaning of Article 22 of the GDPR or analogous provisions of KVKK.
AI Features generate informational output — such as summaries, suggestions, recommendations, search results, transcriptions of your handwriting, or answers to a question you ask — in response to content you choose to submit. AI Features do not score, rank, profile, accept, reject, or otherwise produce decisions about you. You remain in full control of how you use any AI output, and the Service does not perform automated grading, automated eligibility decisions, automated content moderation against you, or other forms of automated decision-making in respect of your person.
7. Aggregated and Anonymised Data
We may aggregate, anonymise, de-identify, or otherwise process information about how the Service is used and how users interact with it, so that the resulting data no longer identifies you or any other individual. We may use, retain, share, publish, and disclose such aggregated or anonymised data for any lawful purpose, including:
- operating, evaluating, and improving the Service;
- producing usage statistics, analytics, benchmarks, and reports;
- informing public communications, marketing, and announcements about the Service;
- research and development of new features.
Aggregated or anonymised data is not “personal data” for the purposes of GDPR or KVKK and is not subject to the further restrictions of this Policy.
8. Legal Bases for Processing
If GDPR or KVKK applies to you, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Operating the Service and its core functionality | Performance of contract (Terms of Use) |
| Providing AI Features and transmitting content to AI Providers | Your explicit consent, given by enabling and using AI Features |
| Website analytics (Microsoft Clarity) | Legitimate interest in understanding aggregated usage; consent where required by law |
| Responding to your emails and support requests | Legitimate interest; performance of contract |
| Detecting abuse, debugging, and improving the Service | Legitimate interest |
| Complying with legal obligations | Legal obligation |
9. Sharing of Information
We do not sell your personal information. We share limited information only as follows:
- With AI Providers, strictly to provide AI Features, as described in Section 5.
- With hosting and infrastructure providers (e.g. Cloudflare) that operate the website and content delivery on our behalf.
- With analytics providers (Microsoft Clarity) only when enabled.
- With app-store operators (Google Play) for distribution, crash reporting, and basic performance metrics.
- When required to do so by law, court order, or governmental authority, or to protect our rights, property, or the safety of users or the public.
10. International Transfers
Because AI Providers and our infrastructure providers operate globally, your information may be transferred to, processed in, or stored in countries outside Türkiye and the European Economic Area, including the United States. Where required by law, we rely on appropriate safeguards (for example, the European Commission's Standard Contractual Clauses) or on your explicit consent for the transfer.
11. Data Retention
- User Content on your device is retained for as long as you keep it on the device. Uninstalling the application normally deletes it. We have no copy of it.
- Content sent to AI Providers may be retained by those providers in accordance with their own retention policies; we do not control those retention periods.
- Website analytics data collected via Microsoft Clarity is retained according to Microsoft's published retention rules (typically up to 13 months).
- Email correspondence is retained for as long as necessary to handle your request and to comply with any applicable legal obligations.
12. Your Rights
Depending on where you live, you may have the following rights under GDPR, KVKK, or similar laws:
- access to information about how your personal data is processed;
- rectification of inaccurate or incomplete data;
- erasure of your data (the “right to be forgotten”) where applicable;
- restriction of, or objection to, certain processing;
- data portability;
- withdrawal of consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
- lodging a complaint with a supervisory authority — in Türkiye, the Personal Data Protection Authority (KVKK Kurumu); in the EU, the data-protection authority of your country of residence.
Because the application typically stores your content only on your device and we do not maintain user accounts, the practical exercise of some of these rights mostly comes down to you managing or deleting the content directly on your device. For requests that require our action, contact us at hbaihightech@gmail.com.
13. Data-Breach Notification
In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will take reasonable steps to investigate the incident, contain it, and limit further damage. Where required by applicable law, we will:
- notify the competent supervisory authority — in Türkiye, the Personal Data Protection Authority (KVKK Kurumu); in the EU/EEA, the relevant national data-protection authority — within the time limits required by that law (typically within 72 hours of becoming aware of the breach, where feasible);
- notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms, by the most appropriate means available to us (such as an in-application notice, a notice on the website, or, if we have your email address, by email);
- document the breach, its effects, and the remedial action we have taken.
The exact timing, channel, and content of any notification will reflect the requirements of the applicable law and any guidance issued by the competent authority at the time.
14. Children's Privacy
The Service is not directed at children under 13 (or the higher minimum age required by your country's laws). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.
15. Security
We take reasonable technical and organisational measures to protect information we process. However, no system is perfectly secure. You are responsible for the security of your device, of any cloud backup of the device, and of any content you choose to transmit to AI Features or other third-party services.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the “Effective date” above and, where reasonable, announced within the Service or on the website. Your continued use of the Service after a change takes effect constitutes your acceptance of the updated Policy.
17. Contact
For any privacy question, data-rights request, or concern about this Policy, please contact:
See also our Terms of Use.