your thoughts,
yours.

tappex ("we," "our," or "us") is a quick-capture productivity application developed by daniels. this privacy policy explains how we collect, use, store, and protect your information when you use the tappex application across ios, watchos, macos, windows, linux, browser extensions, and our website at www.tappex.app.

capture content

when you use tappex, you create "captures" — text notes, voice recordings, links, and other content you choose to save. this is your primary data.

• text captures: any text you type, paste, or share into tappex.
• voice recordings: audio files recorded through the capture overlay, apple watch, or siri shortcut. transcribed into text; original audio is stored locally.
• shared content: urls, text selections, and other content sent via the share sheet or email-in feature.
• metadata: timestamps, capture source (voice, text, share, widget, watch, siri), and classification tags generated by ai.

account information

when you create a tappex account (required for sync and pro/teams features), we collect:

• email address: used for authentication, account recovery, and essential service communications.
• authentication tokens: from apple sign-in or google sign-in if you choose those methods.
• subscription status: your plan tier (free, pro, or teams) and billing status, managed by apple's app store or our payment processor.

usage analytics

we collect minimal, anonymized usage data to improve the product:

• capture counts: how many captures you make per day (not their content).
• feature usage: which capture surfaces you use (widget, watch, hotkey, etc.) and how frequently.
• performance metrics: time-to-capture measurements, app launch times, and crash reports.
• device information: device model, os version, app version — for compatibility and debugging.

usage analytics are fully anonymized and cannot be linked back to your identity or capture content. we do not use third-party analytics sdks that track you across apps. we do not build advertising profiles.

what we do not collect

• we do not collect your contacts, photos, calendar, or browsing history.
• we do not collect location data.
• we do not read your captures on our servers (zero-knowledge architecture).
• we do not use tracking pixels, fingerprinting, or cross-app tracking.

local-first architecture

tappex is offline-first by design. every capture is saved to local storage on your device immediately — before any network request is made. if you never create an account, your data never leaves your device.

• ios / watchos: swiftdata (sqlite) database within your app's sandbox or app group container.
• desktop: local sqlite database in your user data directory.
• audio files: voice recordings stored in the app's documents directory on your device.

end-to-end encryption

when sync is enabled, all capture content is encrypted on your device before being transmitted:

• key derivation: argon2id derives your encryption key from your account credentials. the key never leaves your device.
• key exchange: x25519 for secure key exchange between your devices.
• payload encryption: aes-256-gcm for all capture content, metadata, and audio files.
• zero-knowledge servers: our servers store and relay encrypted blobs. they never possess the decryption key. a server breach would yield only ciphertext.

data residency

encrypted data is stored on servers located in the european union (germany). we use postgresql for structured data and cloudflare r2 or equivalent for encrypted binary objects (voice recordings, attachments).

on-device processing — preferred

tappex prioritizes on-device ai processing whenever your hardware supports it:

• voice transcription: apple's speech framework (sfspeechrecognizer) runs entirely on-device for clips under 60 seconds. no audio is sent to any server.
• classification: when apple intelligence or a local model is available, capture classification runs on your device.
• embeddings: local embedding models (e.g., bge-small) are used for semantic search when device resources allow.

cloud ai fallback

when on-device processing is not available or not sufficient, tappex may use cloud ai services:

• transcription: longer voice clips may be transcribed using groq or deepgram. audio is sent encrypted in transit (tls 1.3) and is not stored by the provider after processing.
• classification: capture text may be sent to anthropic's claude haiku for classification. requests are ephemeral — zero-retention api endpoints. your data is not used to train any ai model.
• embeddings: text may be sent to openai's embedding api for semantic search. same zero-retention policy applies.

integrations you control

when you configure routing rules to send captures to other apps, tappex communicates with those services on your behalf:

• apple reminders (via eventkit — local, no network)
• things 3 (via url scheme — local)
• todoist, ticktick, google tasks, microsoft to do (via their apis — your auth token, your data)
• notion (via their api)
• obsidian (via local file system or sync)
• readwise (via their api)

tappex sends only the specific capture content you choose to route. these integrations are opt-in and can be revoked at any time.

infrastructure services

• hosting: railway or hetzner (eu-based servers)
• object storage: cloudflare r2 (encrypted blobs only)
• payment processing: apple app store — we never see your credit card details

active use

your captures are retained for as long as your account is active. archived captures remain accessible. deleted captures are:

• removed from local storage immediately.
• removed from our sync servers within 30 days (to allow propagation to all your devices).
• permanently purged from all backups within 90 days.

account deletion

you can delete your account at any time from settings. when you delete your account:

• all encrypted capture data is permanently deleted from our servers within 30 days.
• all account information (email, tokens) is permanently deleted within 30 days.
• anonymized usage analytics are retained (they cannot be linked to you).
• local data on your devices remains until you uninstall the app.

data export

you can export all your data at any time in standard formats (json, csv, or markdown). the export includes all captures, metadata, classifications, and audio file references.

if you are in the european economic area (eea), united kingdom, or switzerland, you have the following rights under the general data protection regulation:

• right of access: request a copy of all data we hold about you.
• right to rectification: correct inaccurate personal data.
• right to erasure: request deletion of your personal data ("right to be forgotten").
• right to data portability: receive your data in a structured, machine-readable format.
• right to restrict processing: limit how we use your data.
• right to object: object to processing of your data for specific purposes.
• right to withdraw consent: withdraw consent at any time where processing is based on consent.

to exercise any of these rights, contact us at the address below. we will respond within 30 days.

tappex is not intended for children under 16. we do not knowingly collect personal information from children under 16. if we learn that we have collected data from a child under 16, we will delete it promptly. if you believe a child under 16 has provided us with personal information, please contact us.

we may update this privacy policy from time to time. when we make material changes, we will:

• update the "last updated" date at the top of this page.
• notify you via the app or email if the changes are significant.
• give you at least 30 days' notice before significant changes take effect.

continued use of tappex after the effective date constitutes acceptance of the updated policy.

acceptable use

by using tappex, you agree to use it lawfully and not attempt to reverse-engineer encryption, bypass access controls, or abuse our infrastructure.

no warranty

tappex is provided "as is" without warranty of any kind. we are not liable for data loss caused by device failure, user error, or forces outside our control — always keep your own backups if data is critical.

subscription

your subscription may be canceled at any time. refunds are handled per the apple app store or our payment processor's policies. we reserve the right to suspend accounts that violate these terms.

governing law

these terms are governed by the laws of the jurisdiction in which the service is provided. disputes will be resolved in that jurisdiction's courts.

if you have any questions about this privacy policy, your data, or your rights: