Privacy Policy
Last updated: May 24, 2026
This Privacy Policy describes how EarthNotes ("we," "us," or "our") collects, uses, and shares information when you use the EarthNotes mobile apps (iOS and Android) and website at earthnotes.ai (collectively, the "Service"). EarthNotes is a geolocation-based collaboration tool for mapping properties, sharing notes, and discussing places with teams and contacts.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information you provide
- Account information — your display name, username, email address (if you sign up for a full account), and profile picture.
- Authentication credentials — EarthNotes is passwordless. You sign in with a one-time 6-digit code we email or push to your device, or with Apple/Google Sign-In. We never ask for or store a password. If you sign in with Apple or Google, we receive a unique identifier and (if you authorize it) your email and name.
- Map content — the markers, notes, tags, links, and conversations you create on properties. Marker locations are stored as latitude/longitude coordinates.
- Files — photos, PDFs, and documents you upload via the camera, photo library, or clipboard.
- Messages — the text and attachments you send in conversations and share links.
- Contacts — if you grant the Contacts permission, we read your device contacts only to populate the @-mention picker. Contact data is processed on your device and is not transmitted to our servers unless you explicitly tag someone in a message.
1.2 Information collected automatically
- Device and usage information — device type, operating system, app version, and crash logs.
- Approximate location from IP address — when a recipient opens a share link without an account, we look up the visitor's approximate city/region from their IP to generate a friendly default name like "Guest from Orlando, FL." We do not store the IP itself.
- Precise location — if you grant the location permission, we use your device's GPS to center the map and place markers at your current location. Location is processed on your device and is only sent to our servers when you explicitly create a marker, file, or note at that location.
- Analytics — anonymized usage events (which screens are viewed, which actions are taken). You can disable analytics in your device's app settings.
- Push notifications — a device token used solely to deliver notifications you opt into.
2. How We Use Your Information
- Provide, operate, and maintain the Service.
- Authenticate you and keep your account secure.
- Display your markers, notes, and conversations to the teams and individuals you share them with.
- Send transactional emails and push notifications (e.g., "@you was mentioned in a thread").
- Improve the Service via anonymized analytics and crash reporting.
- Comply with legal obligations and prevent fraud or abuse.
3. How We Share Information
We do not sell your personal information.
We share information only in these limited circumstances:
- With your team — markers, notes, files, and conversations are visible to members of the team you created them on, and to anyone you explicitly share with via a share link or @-mention.
- With recipients of share links — when you generate a share link to a property, the recipient sees the property's address, the marker you shared, your name, and any files or initial message you included.
- With service providers — reputable third parties that help us run the Service: cloud hosting and content delivery, analytics and crash reporting, transactional email, IP geolocation for share-link visitors, and mapping/place search. Each provider is contractually limited to handling your data only as needed to deliver the Service to you.
- For legal reasons — if required by law, subpoena, or to protect the rights, property, or safety of EarthNotes, our users, or the public.
- In a business transfer — if EarthNotes is acquired or merged, your information may be transferred as part of that transaction. We will notify you before this happens.
4. Data Retention
We retain your account information and content for as long as your account is active. When you delete content (a marker, conversation, file, or share link), it is removed from our active systems immediately and from backups within 30 days. When you delete your account (via the in-app Account → Delete Account flow, or via earthnotes.ai/delete-account), your profile is scrubbed immediately: your name, email, phone, bio, and profile picture are removed; your avatar image is deleted; all of your active sign-in sessions and push-notification tokens are revoked; any Apple or Google sign-in links are disconnected; and your username is released for someone else to claim. Anonymized security/abuse logs may be retained for up to 90 days. Records required by law (e.g., tax records) are retained for the legally required period. Markers, files, notes, and conversations you contributed to a shared team remain on your teammates' maps because they are owned by the team; your name on those will read "Deleted user."
5. Your Rights and Choices
- Access and correction — view and edit your profile information in the app's Settings.
- Deletion — delete your account at any time, either from inside the app (Menu → Account → Delete Account) or on the web at earthnotes.ai/delete-account. Deletion is self-service, immediate, and irreversible. No email exchange is required.
- Permissions — you can revoke the Contacts, Location, Camera, and Photos permissions at any time from your device's settings. The Service remains usable with reduced functionality.
- Notifications — disable push notifications in your device's settings; manage email notification preferences in the app.
- Data export — request a copy of your data by emailing letsgo@earthnotes.ai.
If you are a resident of the European Economic Area, United Kingdom, California, or another jurisdiction with applicable privacy laws (GDPR, CCPA, etc.), you have additional rights including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local data protection authority.
6. Children's Privacy
EarthNotes is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it.
7. Security
We use industry-standard technical and organizational measures to protect your information. No method of transmission over the Internet is 100% secure, but the principles below describe what we do to minimize risk.
7.1 File and attachment access
Every file you upload — photos, PDFs, Office documents, anything attached to a marker or message — is stored privately. The files have no public web addresses and cannot be discovered from the outside. When you (or someone you've granted access) need to view or download a file, our server first verifies you're allowed to see it, then issues a single-use, time-limited link to that specific file. The link expires automatically and cannot be modified to point at any other file.
One exception: the small thumbnail previews shown next to attachments in lists and chat are served via a public, unguessable link (similar to a Google Docs "anyone with the link" share). The link itself is impossible to discover by guessing, but anyone who obtains it can fetch the thumbnail image without signing in. Treat the thumbnail like the preview you'd post in a chat: don't upload a file whose first-page preview would itself be sensitive.
7.2 Authentication
EarthNotes is passwordless. You sign in with a one-time 6-digit code (delivered by email and push notification) or with Apple/Google Sign-In. Login codes expire after a short window and can only be used once. After sign-in, your session is stored securely on your device. We revoke your session when you sign out, delete your account, or remove a device.
7.3 Authorization and team isolation
Every request to view content is checked against your identity and team membership. Markers, files, conversations, and notes belong to the team that owns them — there is no back door that exposes another team's content. Share links work by creating a copy of the shared property inside the visitor's team, so the visitor never gains access to the original team's data; each side sees only their own copy connected by the shared conversation.
7.4 Encryption in transit and at rest
All traffic between your device and our servers is encrypted in transit. Files and account data are encrypted at rest, and backups are encrypted with the same protections. API keys and credentials never ship inside the mobile app or our public code.
7.5 Account-deletion and revocation
When you delete your account, we immediately revoke every active sign-in and push-notification token, disconnect any Apple/Google sign-in links, scrub your profile fields, and delete your avatar image. See Data Retention above for the full list of what's removed and what's retained.
7.6 Reporting a vulnerability
If you discover a security vulnerability, please email letsgo@earthnotes.ai with the details. We investigate every report and will keep you informed of the resolution.
8. International Data Transfers
EarthNotes is operated from the United States. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you in the app or via email.
10. Contact
If you have questions about this Privacy Policy or your data, please contact us:
EarthNotes
Email: letsgo@earthnotes.ai
Website: earthnotes.ai
© 2026 EarthNotes. All rights reserved.