← back to noodle

legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Noodle ("we", "us", or "our") collects, uses, and protects your personal information when you use our website, iOS application, and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Noodle is the data controller for personal information collected through the Service. If you have any questions about this policy or how we handle your data, please contact us at privacy@noodleapp.xyz.

2. Information we collect

Information you provide directly

• Email address — when you join our waitlist or create an account.
• Thought content — text, voice recordings, and sketches you capture using the app. This is the core content of the Service.
• Account details — name and subscription information if you subscribe to Pro or Teams.

Information collected automatically

• Usage data — how you interact with the app (features used, session length, error reports). This data is anonymised where possible.
• Device information — device type, operating system version, and app version, used to diagnose bugs and improve compatibility.

Information we do not collect

We do not collect payment card details. All payment processing is handled by Apple via In-App Purchase and is subject to Apple's privacy policy.

3. How we use your information

• To provide, operate, and improve the Service.
• To send you waitlist updates and product announcements (you can unsubscribe at any time).
• To personalise AI features such as Untangle mode — see our AI Policy for details.
• To diagnose technical issues and maintain security.
• To comply with legal obligations.

4. Legal basis for processing

We process your personal data on the following legal bases:

• Contract — to fulfil our obligations when you use the Service.
• Consent — for marketing emails and optional data processing (e.g. AI features). You can withdraw consent at any time.
• Legitimate interests — to improve the Service, prevent fraud, and maintain security, where these interests are not overridden by your rights.
• Legal obligation — where we are required to process data by law.

5. Data storage and security

Your data is stored on servers located in the United Kingdom (EU-West-2, London region) operated by Supabase, Inc. We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest.

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

6. Data retention

• Waitlist emails — retained until you ask to be removed or until the Service launches, whichever is sooner.
• Account and content data — retained while your account is active, plus 30 days after deletion to allow for recovery. Free tier entries older than 90 days are automatically deleted in accordance with the service tier.
• Usage data — anonymised after 12 months.

7. Sharing your information

We do not sell your personal data. We share your data only with:

• Supabase — our database and backend infrastructure provider, acting as a data processor.
• AI model providers — when you use Untangle mode, relevant thought content is sent to our AI provider for processing. See our AI Policy for details.
• Analytics providers — anonymised usage data only, to help us understand how the app is used.
• Law enforcement — if required by applicable law, court order, or governmental regulation.

8. Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your personal data ("right to be forgotten").
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to restrict processing of your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@noodleapp.xyz. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Our website uses only essential cookies required for the site to function correctly. We do not use tracking or advertising cookies. No cookie consent banner is required.

10. Children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (if you have an account) or by posting a notice on our website. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy-related queries, contact us at privacy@noodleapp.xyz.