Notto · Privacy

How we handle your stuff.

Last updated: April 19, 2026

Notto is a not-to-do list. The content you write lives on your phone. The only thing that leaves is what Apple needs to verify a purchase.

Who we are

Notto is an iPhone app built and maintained by Yoav Chen, an independent developer. You can reach me at notto@yoavchu.com.

What this policy covers

This policy explains what Notto stores, where it stores it, and what it doesn't do. That's the whole document. If anything below changes, the "last updated" date at the top will too.

What Notto stores

Everything in the list below is kept on your device. None of it is sent to a server we own or to any third party.

Your nottos. The text you type, the category you pick, and the date you added it. On-device
Daily entries. Whether you struck or slipped a notto on a given day, the date, and any slip note you chose to write. On-device
Your first name. Asked during onboarding so Notto can greet you. Last name is optional. On-device
Preferences. Your appearance choice (light, dark, or system), whether the daily nudge is on, and a flag that remembers you've finished onboarding. On-device
Notification permission. If you turn on the daily nudge, iOS records your permission choice. Notto reads that state so it can show the right toggle. On-device
A color seed per notto. A small number used to pick the card's accent color. Computed locally; nothing personal. On-device

Where it lives

Notto stores your data in a private container shared between the app and its widget — an iOS App Group that only Notto can read. The database is a small SQLite file inside that container. Your iPhone holds it. Our servers don't see it, because we don't run any.

If you delete Notto, iOS deletes that container. Your data goes with it. There is no cloud backup, no export server, no way for anyone at Notto to restore what you removed.

Subscriptions and purchases

Notto offers optional paid plans. When you purchase, the transaction is processed by Apple's In-App Purchase system — your Apple ID handles the money, and Apple is the seller of record. Notto never sees or stores your payment method, billing address, or credit card.

To track whether a valid subscription exists on the current device, Notto uses RevenueCat, a subscription-management service. RevenueCat receives an anonymous RevenueCat-generated user ID, the product identifier of what you bought, the transaction timestamp, your current App Store storefront country, and standard request metadata (device model, OS version, SDK version). RevenueCat does not see your Apple ID, your name, your nottos, or any content you create in the app. See RevenueCat's privacy policy for their side.

If you never subscribe, only a small anonymous identifier is exchanged with RevenueCat the first time the app launches so it can confirm you're not already a paying customer.

What Notto does NOT do

No accounts. No sign-in. No password.
No content servers. The text of your nottos, slip notes, and your name never leaves your iPhone.
No analytics provider. No crash reporting of our own. No event tracking for product usage.
No advertising. No IDFA. No App Tracking Transparency prompt — because there is nothing to track.
No third-party SDKs beyond the subscription-management one described above. Nothing else phones home.
No email collection, no newsletter signup, no contact form that stores data.
No location, contacts, calendar, photos, microphone, camera, or health access. Notto never asks.

Notifications

Notto offers one optional notification: a gentle nudge each morning at 9am. It's scheduled locally by your iPhone through UNUserNotificationCenter. Nothing is sent from a server; we don't have one.

You can turn the nudge off any time from Settings → Nudges inside Notto, or revoke the permission entirely in iOS Settings → Notifications → Notto.

Children's privacy

Notto isn't directed at children and isn't listed in the Kids category on the App Store. That said, the app collects no personal information from anyone — no email, no account, no identifier — so there is nothing Notto holds that could be used to identify a child, or anyone else.

Changes to this policy

If this policy ever needs to change, the new version replaces the old one at the same URL, and the "last updated" date gets bumped. Meaningful changes will also show up in an app update's release notes.

Contact

Questions, concerns, or corrections: notto@yoavchu.com. One human reads it.