Privacy Policy
1. Data we collect
None. ThinkAloud does not collect, transmit, sell, or share any personal data. The developer operates no servers and has no technical means of receiving your notes, audio, photos, usage patterns, or identity.
2. How your content is processed
All AI processing — turning speech into notes, suggesting tags, reading photos, and answering questions about your notes — happens on your device, using Google's Gemma model running locally via LiteRT. Audio recordings, photos, and note text are never uploaded for processing.
On first use the app downloads the AI model file (~2.4 GB) over an encrypted connection. This is a one-time download of the model itself; no personal data is sent with the request.
3. Where your notes live
Notes are plain Markdown files stored in a vault folder on your device. On iOS the vault is exposed in the Files app; on Android, Windows, and macOS you choose the folder. You can read, edit, back up, or delete these files with any tool at any time.
4. Device permissions
- Microphone — records voice notes when you tap record. Audio is transcribed on-device and never leaves your device.
- Camera — captures whiteboards and documents to turn into notes, on-device, when you choose to.
- Photo library — lets you pick an existing image to turn into a note, processed on-device.
- Location — never used. ThinkAloud never requests or reads your location. A location notice appears in the app's iOS manifest only because a bundled third-party photo-picker component references location APIs; that code path is never used and no location data is accessed.
5. Optional sync — your cloud, not ours
Sync is off by default. If you enable it, ThinkAloud writes your Markdown files directly from your device to storage you own:
Google Drive
- The app requests the
drive.filescope — access limited to a privateMy Drive › ThinkAloudfolder the app itself created — plus your email address to label the connected account in Settings. - Sign-in tokens are stored only on your device, in the operating system's secure storage (Keychain/Keystore).
- Transfers go directly between your device and Google over HTTPS. The developer is not in the path and receives nothing.
- ThinkAloud's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to sync your notes at your request, and is never transferred to third parties or used for advertising.
- You can revoke ThinkAloud's access at any time at myaccount.google.com/permissions.
iCloud
- On Apple platforms, sync can use the app's iCloud container under your own Apple ID, visible in the Files app. Storage and transport are governed by Apple's iCloud terms; the developer has no access.
6. Deleting your data
- Notes are your local files — delete them in the app or in any file manager.
- With sync enabled, deletions propagate to your Drive copy (via Drive's Trash) or iCloud copy.
- Disconnecting sync in Settings deletes the stored sign-in token from your
device. You can additionally revoke access from your Google account, or
delete the
ThinkAloudfolder in Drive/iCloud yourself. - Uninstalling the app removes the app and its private data; vault folders you placed outside the app remain yours.
7. Children
ThinkAloud is not directed at children under 13 and, collecting no data, processes no personal information from anyone — children included.
8. Changes to this policy
If the app's data practices ever change, this page will be updated and the effective date revised before the change ships. Because the architecture is local-first, meaningful changes are unlikely.
9. AI models & licenses
ThinkAloud runs Google's Gemma language model on your device to generate notes and answer questions. It is used under the Gemma Terms of Use and is subject to the Gemma Prohibited Use Policy. Gemma is a trademark of Google LLC.
10. Contact
Privacy questions can be raised on the public issue tracker.