Legal
Privacy Policy
Last updated: March 24, 2026
Overview
The short version: Noatly stores your letters on your device only. Nothing you write is sent to any server. We don't have your data and couldn't access it even if we wanted to.
Noatly is an offline-first iOS app. There is no Noatly account, no cloud sync, and no backend server. This privacy policy explains how we handle the limited data that does touch external services — specifically advertising and in-app purchases — and what that means for you.
Data we collect
Your letters and content. Everything you write in Noatly — letter titles, body text, unlock dates, folder names — is stored entirely on your device using SwiftData. This data is encrypted at rest with AES-256-GCM (CryptoKit) before it is written to disk. The encryption key is stored in your device's Keychain and never leaves your device.
App preferences. Settings like your chosen theme, notification preferences, and reminder times are stored locally in UserDefaults on your device. We do not collect or receive this information.
We do not collect. We do not collect your name, email address, phone number, location, or any personally identifying information. We have no account system.
Advertising
Noatly is free to download and supported by ads on the Home screen. Ads are served by Google AdMob. Noatly never shows ads while you are writing a letter or reading an unlocked letter.
Google AdMob may collect and use certain device information to serve relevant ads, including:
- Device identifiers
- Coarse device information (model, OS version)
- Ad interaction data (views, taps)
Noatly uses Google's User Messaging Platform (UMP) to request your consent before personalized advertising is enabled, in compliance with GDPR. You can update your ad preferences at any time in Settings → Privacy Choices.
Google's privacy policy applies to AdMob data collection: policies.google.com/privacy
Upgrading to Noatly Premium removes all ads.
Purchases
Noatly Premium is sold as an auto-renewing subscription through Apple's App Store using StoreKit 2. All payment processing, subscription management, and billing data is handled entirely by Apple. Noatly does not receive or store your payment method, billing address, or Apple ID.
Your premium entitlement is stored locally on your device. Restoring purchases is handled through Apple's receipt validation — no Noatly server is involved.
Apple's privacy policy applies to purchase data: apple.com/legal/privacy
Notifications
Noatly uses Apple's UserNotifications framework to deliver local notifications — daily writing reminders and unlock alerts. All notifications are scheduled on your device and delivered locally. No notification data is sent to any server. Notification permissions can be managed at any time in iOS Settings.
Security
Your letters are encrypted with AES-256-GCM before being stored on disk. The encryption key is generated on your device and stored in the iOS Keychain, which is protected by your device passcode and Secure Enclave where available.
Important limitation: because Noatly is offline-only with no cloud backup, your letters exist only on your device. If you delete the app, lose your device without a backup, or your device is reset, your letters cannot be recovered. We strongly recommend keeping iOS backups enabled if you want to protect your data.
Data sharing
Noatly does not sell your personal data. We do not share your letters, preferences, or any content with third parties. The only third-party integrations are:
- Google AdMob — for ad serving on the Home screen only (see Advertising above)
- Apple App Store / StoreKit 2 — for subscription purchase and receipt validation
Neither integration has access to the content of your letters.
Children's privacy
Noatly is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information through the app, please contact us and we will take steps to address it.
Advertising in Noatly uses Google AdMob with consent-gated personalization. Users under applicable consent age thresholds will receive non-personalized ads only.
Your rights
Because Noatly stores your data locally on your device and does not transmit it to any server, most of your privacy rights can be exercised directly on your device:
- Access and portability: Your data is on your device. You can read and export letters manually at any time.
- Deletion: Delete individual letters in the app, or delete the app entirely to remove all data from your device.
- Ad preferences: Update your ad consent in Settings → Privacy Choices.
If you have questions about Google AdMob data or Apple purchase data, those requests should be directed to Google and Apple respectively under their own privacy policies.
For any other privacy questions, contact us at the address below.
Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will notify you through the app or App Store release notes. Continued use of Noatly after any changes constitutes acceptance of the updated policy.
Contact
If you have questions or concerns about this privacy policy or how Noatly handles your data, please reach out: