· Privacy · Pica Notes
Your notes stay on your device. Crash reports on by default; usage analytics off until you opt in.

Privacy
policy.

Effective21 May 2026
Applies toPica Notes (iOS & macOS)
Governing lawState of Israel
Plain English by design

Plain-English summary

  • Your notes, audio recordings, and transcripts live on your device. We never receive them.
  • If you turn on iCloud, Apple syncs your notes through your private iCloud account. We do not have access.
  • Transcription and AI summaries run entirely on your device. Audio never leaves your phone for transcription.
  • We use Sentry for anonymous crash reports — on by default so we can fix things that break (you can turn it off in Settings).
  • We use PostHog for anonymous product analytics — off by default; it only runs if you turn it on.
  • Either way, it's only ever used to make the app better — never sold, never used for anything else.
  • We use Apple's StoreKit for subscriptions. Apple, not us, processes payments.
  • We use a Google Form for feedback you choose to send. The form only sees what you type into it.
Plain answer

Data we receive about your notes: none. What we may receive: anonymous crash reports (on by default) and, only if you turn it on, anonymous feature-usage counts. Never note content.

Geographic scope

Pica Notes is available only in App Store regions where we have published it. See the app's App Store listing for the current list of supported countries. We do not offer the app in the European Economic Area, and this policy is not designed to satisfy the EU General Data Protection Regulation.

For users in the United Kingdom and Switzerland, we comply with the UK GDPR and the Swiss Federal Act on Data Protection respectively to the extent each applies to a data controller in our position; the rights described below extend to UK and Swiss users alongside the US-state rights set out in Section 10.

This policy is governed by the laws of the State of Israel.

What we collect

What we do not collect

We do not collect, transmit, or have any access to:

  • The text of your notes
  • Audio recordings made inside the app
  • Transcripts of those recordings
  • Speaker labels you assign
  • AI-generated summaries
  • Your name (it stays on your device, used only for the personalised greeting)
  • Your photo or contact details
  • Your precise location
  • Your IDFA (Apple's Identifier for Advertisers)

Everything you type or record stays on the device it was created on, plus any other devices that share your personal iCloud account.

Diagnostics & analytics

We use it only to make the app better — diagnosing crashes and understanding which features get used. Never sold, never shared with advertisers, never used for any other purpose. Both streams are anonymous and changeable at any time in Settings → Privacy.

Crash reports (Sentry) — on by default, you can turn them off. A description of the crash, the call stack, the file and line that crashed, and the iOS / macOS version. A randomly-generated installation ID. Breadcrumbs we record at key state changes (e.g. "transcription started", "paywall shown") — never note content. Legal basis (UK/Switzerland): our legitimate interest in keeping the app stable and secure.

Product analytics (PostHog, EU hosting) — off until you turn it on. Collected only if you opt in. Counts of feature use, e.g. how many notes are created, how many transcriptions complete, how often the paywall is shown. Anonymous metadata: app version, OS version, device model, locale. A random installation ID we do not link to your Apple ID. No IP address is stored in identifiable form. Legal basis (UK/Switzerland): your consent.

What we collect if you submit feedback

If you tap "Send feedback" in Settings, your message goes to a Google Form we own. The form captures the text you type, the category you select, the email address you optionally provide, and a short context block (app version, OS version, device model, locale, opt-in state). We use feedback solely to fix bugs, prioritise features, and reply to you. We do not add your email to any marketing list.

What Apple collects on our behalf

When you buy a subscription, Apple — not us — handles the entire transaction through StoreKit. Apple gives us only a transaction ID, the subscription product identifier, and the renewal status. We never see your Apple ID, your name, your billing address, or your payment method.

iCloud sync

If iCloud Drive is enabled on your device, your notes, audio recordings, and transcripts sync via Apple's CloudKit framework to a container under your own Apple ID. We have no access to this data. It is encrypted in transit and at rest by Apple, stored under your iCloud account, and subject to Apple's privacy policy. If you delete a note, the deletion propagates through CloudKit to your other devices.

You can disable iCloud sync for Pica Notes at any time in iOS Settings → Apple ID → iCloud → Apps Using iCloud → Pica Notes.

On-device processing

Pica Notes performs all transcription and summarisation on your device, using Apple's Neural Engine:

  • Transcription — OpenAI Whisper Large v3 Turbo, running locally. The model is downloaded once (≈632 MB) and never sends audio anywhere.
  • Speaker separation — FluidAudio Sortformer, running locally. Up to four speakers per recording.
  • Summaries and titles — Apple's on-device Foundation Models framework. No cloud fallback is used.

If your device does not support Apple Intelligence, summarisation is simply unavailable for that note. We do not transparently fall back to a remote model.

How we use what we collect

We use diagnostics and analytics only to diagnose and fix crashes, understand which features are used, prioritise bug fixes and new features, and reply to your feedback when you've supplied an email. In short: only ever to make the app better — nothing else.

We do not sell or rent any of this data, share it with advertisers or data brokers, use it to build a profile of you, use it to train AI models, or combine it with data from any other source.

Third parties

If you opt into telemetry, the following processors handle the relevant subset on our behalf:

ProcessorDataPurposeRegion
SentryCrash reports, breadcrumbsCrash diagnosticsUS
PostHogProduct analytics eventsFeature usage analysisEU (Frankfurt)
Google LLCFeedback you submitRead your feedbackUS
Apple Inc.Subscription transactions, iCloud syncPayments, syncUS / global

We require each processor to limit their use of the data to the purposes above. We do not currently share or sell data to any other party.

Children

Pica Notes is rated 4+ in the App Store but is designed for general use. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has used the app and shared data with us, contact us and we will delete it.

Your choices

  • Turn off crash reports. Settings → Privacy → toggle "Crash reports" off. Sentry stops immediately.
  • Usage analytics stays off unless you opt in. Settings → Privacy → "Usage analytics". PostHog only runs while it's on.
  • Delete a single note — cascade-deletes the note, its audio, its transcript, and its AI summary on your device and across iCloud.
  • Delete the app — removes all local data. Notes synced to iCloud remain in your iCloud account until you delete them from another device or from iOS Settings.
  • Disable iCloud sync — iOS Settings → Apple ID → iCloud → Apps Using iCloud → Pica Notes.
  • Request access or deletion of feedback you submitted — email us and we will remove your submissions from the linked Google Sheet within 30 days.

California & other US state privacy laws

If you are a resident of California: we do not sell or share your personal information as those terms are defined under California law. We have not done so in the past 12 months and do not intend to. Categories we collect (only if you opt in): identifiers (installation ID) and internet activity (feature events). You have the right to request a copy of personal information about you, request deletion, request correction, opt out of any future sale or sharing, and not be discriminated against for exercising these rights.

If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or another US state with a comprehensive privacy law, you have similar rights. Use the same contact email to exercise them.

Data retention

  • Local data (notes, audio, transcripts) — stored on your device until you delete it, delete the app, or factory-reset the device.
  • iCloud data — stored under your Apple ID until you delete it from any synced device.
  • Crash reports (Sentry) — 90 days by default.
  • Analytics events (PostHog) — 12 months by default.
  • Feedback (Google Form / Sheet) — indefinitely, unless you request deletion.

Security

We rely on Apple's platform security for local storage and iCloud sync. Transcription, summarisation, and rich-text editing run entirely on-device. Telemetry payloads, if opt-in is enabled, are sent over TLS to Sentry and PostHog. We do not operate any user-data servers ourselves. No system is perfectly secure. If you become aware of a vulnerability, please email us at the address below.

Changes

If we make material changes to this policy we'll update the "Effective" date at the top and, where practical, notify you inside the app on next launch. Continued use of the app after a change means you accept the updated policy.

Contact

Privacy questions go to hello@picaapps.com. Security disclosures go to security@picaapps.com. Both are read by a real person, usually within two working days.

Any dispute arising out of or relating to this policy or the app will be brought exclusively in the competent courts of Tel Aviv-Jaffa, Israel.