Popy
The short version
Your data is stored on your device. We don't keep copies of your notes, articles, meetings, or anything you save. Some features — like syncing, digests, and browser extension saves — require data to pass through our servers temporarily to work, but we don't read it, sell it, or use it for anything other than delivering that feature. When we use AI for transcription or summaries, that data is processed and discarded — never used to train models. We track basic usage stats (like how many minutes of audio were transcribed) to understand costs and usage patterns, but we never see the actual content.
That's the gist. The rest of this document explains exactly how it all works.
1. Who we are
We're the Popy team — a small group of builders who miss some of the iconic apps like Pocket and Wanderlust, and who are strong believers in AI making humans smarter and more efficient, not yet doing things for them (might get there soon).
If you have questions about this policy, contact us at: team@getpopy.com
2. What data we collect
2.1 Data you create in Popy
This includes:
- Notes you write
- Articles you save
- Tools and resources you bookmark
- Meeting recordings and transcripts
- Voice memos and transcriptions
- Tasks you create
- Contacts and people you @mention
- Tags, links, and connections between items
Where this data lives: On your device. We do not maintain copies of this data on our servers, and the primary store of all your content is always your device.
When data may pass through our servers: Certain features require your data to be temporarily transmitted to our servers in order to function. These include syncing across devices, delivering personalised digests, processing browser extension saves, and maintaining the configuration necessary to provide these features. In all such cases, data is used solely to deliver the feature you activated, is transmitted securely (encrypted in transit), and is not used for any other purpose. See Section 3.2 for more detail.
2.2 Account information
If you create a Popy account, we collect:
- Email address
- Name (optional)
- Payment information (processed by our payment provider, not stored by us)
2.3 Usage data
We collect anonymised, aggregate usage statistics to understand how Popy is used and to manage costs. This includes:
- Number of API calls made (e.g., transcription requests)
- Token counts for AI processing
- Minutes of audio transcribed
- Feature usage frequency
- App version and operating system
- Crash reports and error logs
What we don't collect: The actual content of your notes, articles, meetings, voice memos, or any other data you create. We see that "a transcription request was made" but not what was said.
2.4 Data collected automatically
When you use Popy, we may automatically collect:
- Device type and operating system
- App version
- General location (country level, derived from IP address)
- Timestamps of app usage
3. How we use your data
3.1 To provide on-device features
Your data powers all of Popy's core features — search, organisation, connections between items, and more. This processing happens on your device.
3.2 To provide features that require server-side processing
Some features cannot operate entirely on your device. When you use these features, limited data is transmitted to our servers:
- Syncing: If you enable sync, data is transmitted to our servers to keep your devices in step. Synced data is stored only as long as necessary to complete the sync operation.
- Digests and research features: Personalised digests and research features may require us to temporarily store relevant context and configuration on our servers in order to generate and deliver results to you.
- Browser extension: When you save items via the Popy browser extension, data may be relayed through our servers to reach your device.
In all of these cases: we do not read, sell, or repurpose your content. Data transmitted to our servers is used solely for the purpose of delivering the feature, is encrypted in transit, and we make commercially reasonable efforts to ensure its security at rest.
3.3 To provide AI-powered features
Certain features require sending data to third-party AI providers. Our agreements with these providers ensure:
- Your data is processed and immediately discarded
- Your data is never used to train their AI models
- Your data is not stored beyond the time needed to complete the request
- Data is transmitted securely (encrypted in transit)
3.4 To improve Popy
We use anonymised, aggregate usage data to:
- Understand which features are most useful
- Identify and fix bugs
- Make decisions about future development
- Manage infrastructure costs
3.5 To communicate with you
If you've provided your email, we may send:
- Important product updates and security notices
- Responses to your support requests
- Occasional product announcements (you can opt out)
We will never sell your email address or share it with third parties for marketing.
4. How we protect your data
4.1 On-device storage
Your content lives on your device, under your control. We do not have routine access to it.
4.2 Data in transit
All data transmitted between your device and our servers, or between your device and third-party providers, is encrypted using TLS/HTTPS.
4.3 Server-side security
Where data is temporarily processed or stored on our servers (see Section 3.2), we apply commercially reasonable security measures to protect it. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
4.4 Minimal data collection
We follow the principle of data minimisation — we only collect and transmit what we need to provide and improve the Service.
5. Third-party services
Popy uses third-party services for audio transcription, AI processing, and payment processing. We select providers with strong privacy practices and data protection agreements. When your data is sent to a third-party provider, it is governed by that provider's privacy policy in addition to ours. We encourage you to review their policies.
6. Data retention
6.1 Your content
Your notes, articles, meetings, and other content are stored on your device. We don't maintain permanent copies, so we don't have retention policies for this data — you control it entirely.
Where data has been temporarily transmitted to our servers to deliver a feature (Section 3.2), it is retained only as long as necessary to provide that feature and is removed promptly thereafter.
6.2 Account information
If you have an account, we retain your email and account details for as long as your account is active. If you delete your account, we delete this information within 30 days.
6.3 Usage data
Anonymised usage statistics may be retained indefinitely for aggregate analysis. This data cannot be tied back to you or your content.
7. Your rights
Depending on where you live, you may have the following rights:
7.1 Access
You can request a copy of any personal data we hold about you (primarily account information and usage data associated with your account).
7.2 Deletion
You can request deletion of your account and associated data. Since your content is stored on your device, deleting it is as simple as deleting it within the app or uninstalling Popy.
7.3 Correction
You can update your account information at any time in the app settings.
7.4 Opt-out
You can opt out of non-essential communications at any time.
To exercise any of these rights, contact us at team@getpopy.com.
8. Data deletion
8.1 On-device data
Your content — notes, articles, meetings, voice memos, tasks, and all related data — is stored on your device. We do not have access to this data and cannot read, modify, or delete it remotely. When you delete content within Popy or uninstall the app, that data remains on your device under your control.
If you need assistance clearing local data from your device, contact us at team@getpopy.com and we will guide you through the process.
8.2 Server-side data
Certain features require temporary server-side processing or storage (see Section 3.2). When you delete the app or your account, any server-side data associated with these features is automatically deleted within 4 hours.
8.3 Account and connected services
Popy does not require an account to use. If you connected a Google account to Popy (for example, for calendar integration), that data was stored on your device and not on our servers.
If you created a Popy account, your account information (email, payment history) is deleted within 30 days of account deletion. Anonymised usage statistics are retained but cannot be connected to you.
9. Children's privacy
Popy is not intended for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.
10. International data transfers
If you're located outside the United States, please note that data sent to our AI providers or processed by our servers may be handled in different countries. We ensure appropriate safeguards are in place through our data processing agreements with these providers.
11. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we'll notify you through the app or via email before the changes take effect.
The "Last updated" date at the top indicates when this policy was last revised.
12. Contact us
If you have questions, concerns, or requests regarding this privacy policy or your data, contact us at:
Email: team@getpopy.com
Web: getpopy.com
Summary table
| Data type | Stored where | Shared with | Retention |
|---|---|---|---|
| Your content (notes, articles, etc.) | Your device | AI providers for processing (then discarded); our servers temporarily for sync, digests, and extension features | You control it |
| Account info (email) | Our servers | Payment provider | Until account deletion + 30 days |
| Usage statistics | Our servers | No one | Indefinitely (anonymised) |
| Payment info | Payment provider | — | Per provider policy |