Privacy Policy – Commonplace

Commonplace is a personal-use app for collecting and revisiting ideas.

We only process the minimum personal data needed for the app to work.

We don’t sell your data, run ads, or track you across apps.

Most content stays on your device until you choose to sync or upload it.

The app is built with privacy by design and by default: local-first processing where possible, short retention, and clear user controls.

Entries are not intended to include personal data. Please avoid adding personal information about yourself or others to entries.

Photos and voice notes you choose to submit may be processed by trusted third‑party AI services to extract text and help organise it into fields like quote, author, or source. Files are sent securely, processed promptly, and not retained by us after processing.

Entries and account data are stored on secure servers provided by our database vendor. Storage is primarily in the United States.

Some processing, such as OCR and transcription, may also occur in other regions depending on the service used.

International processing. Because data may be processed outside your country, including in the United States, it may be subject to the laws of those jurisdictions. We seek to apply appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or equivalent protections when personal data is transferred across borders.

Temporary files created for processing are stored in secure, non‑backed‑up cache locations and deleted once the task is complete.

Local data on your device uses hardware‑backed encryption when available (for example, iOS Keychain / Android Keystore via SecureStore). Temporary processing files are kept in non‑backed‑up cache locations and removed after use.

We use a small number of specialist providers to operate the app, including hosting/database, secure AI processing for OCR/ transcription and text extraction, and subscription/billing verification. These providers act under our instructions and under data protection terms.

Where international transfers are involved, appropriate safeguards (such as SCCs) are in place. Further details are available on request.

The app includes a "My Data" section showing exactly where each type of information is stored, so you can make informed choices:

• In cloud: Your entries you choose to sync (text only by default)
• Temporary: Processing files (auto-deleted within minutes)

You can export your data anytime from Settings → Privacy → Export Data.

We don’t use analytics or tracking. Authentication cookies only are used when you sign in through the web view and expire with your session. No tracking or analytics cookies are set.

Commonplace starts with privacy-first defaults and simple controls:

• Photo OCR uses secure cloud processing by default.
• Voice recordings are processed via secure cloud transcription.
• Temporary processing files auto-delete immediately.
• Account sync is off until you choose to enable it.
• Send images directly (skip temporary upload) – Settings → Privacy.
• Auto-delete recordings – remove voice notes after transcription.
• Auto-delete temporary uploads – delete processing files immediately after use.
• Export data – download your entries (JSON/CSV).
• Delete entries or account – within the app or by emailing us.

You can request access, correction, deletion, or export of your personal data, and you may object to or limit certain processing. To exercise any of these rights, email commonplaceapp@outlook.com. You also have the right to contact your local privacy or data protection authority about any concern.

We do not sell or share personal information for advertising or cross-context behavioural tracking.

We use HTTPS for all connections and encrypt data at rest.

We retain data only as long as needed to provide the service or meet legal requirements.

We maintain minimal security logs to protect the service from abuse (for example, bursts or bots). These logs may include your account identifier (if signed in), a daily-rotated hash of your IP address, the part of the app you called, result codes, simple counters, and timestamps. We do not log your content (entries, images, audio, or extracted text) in these records. Raw security logs are kept for up to 30 days, and we may retain anonymized aggregates longer to improve reliability. This data is used only for security and service integrity and is not sold or shared for advertising.

We also use automated rate limiting (request throttling) to prevent abuse and protect service reliability. This system tracks request patterns but not content, and alerts us to unusual activity without compromising your privacy.

Data stored with our providers is protected by encryption in transit and at rest, and we require appropriate security standards.

Commonplace is not intended for individuals under the age of sixteen, or the minimum age required to use online services in their region if higher. We do not knowingly collect personal data from anyone below that age and will delete such information if we become aware of it.

We may update this policy as the app evolves. We’ll update the date above and notify you in-app if changes are material.

Apple Inc. is a separate controller for App Store purchases. See Apple’s Privacy Policy for details.

Contact: commonplaceapp@outlook.com

Controller: Mark Connolly trading as Commonplace